USB Hacking Devices Can Steal Credentials From Locked Computers

A researcher has shown how easy it is for hackers to steal credentials from locked Windows and Mac OS X computers using a small USB device.

Many users might think that leaving their computer unattended poses no security risk as long as the device is locked. However, researcher Rob Fuller has demonstrated that an attacker with physical access to the targeted device can capture its login credentials in just seconds, as long as a user is logged in to the machine.

The expert has tested the attack method using USB Armory and Hak5 LAN Turtle, two flash drive-size computers designed for penetration testing and various other security applications.

Fuller demonstrated how either of these devices can be set up to capture credentials from a locked, logged-in system by disguising them as a USB Ethernet adapter. Configuring the USB device to look like a DHCP server tricks the connected computer into communicating with it. These network communications, which include usernames and passwords, can be captured by installing Responder, an open source passive credential gathering tool, on the hacking gadget.
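A defender-side check for the sequence described above, added here as an example (it is not from Fuller's post or from this article): it flags a network-class device that is enumerated while a workstation is locked. It assumes Windows Security events 4800/4801 (lock/unlock) and 6416 (new external device recognized) are audited and exported; the record layout, host names and device names are constructed.

```python
from datetime import datetime

# Constructed sample records (simplified export of Windows Security events).
# 4800 = workstation locked, 4801 = workstation unlocked,
# 6416 = new external device recognized (requires PnP activity auditing).
SAMPLE_EVENTS = [
    {"time": "2016-09-08T08:55:00", "host": "WS-014", "id": 6416,
     "class": "Net", "device": "Dock Ethernet (constructed)"},
    {"time": "2016-09-08T12:01:10", "host": "WS-014", "id": 4800},
    {"time": "2016-09-08T12:03:00", "host": "WS-014", "id": 6416,
     "class": "Keyboard", "device": "USB Keyboard (constructed)"},
    {"time": "2016-09-08T12:03:40", "host": "WS-014", "id": 6416,
     "class": "Net", "device": "USB Ethernet adapter (constructed)"},
    {"time": "2016-09-08T12:30:00", "host": "WS-014", "id": 4801},
    {"time": "2016-09-08T12:31:00", "host": "WS-014", "id": 6416,
     "class": "Net", "device": "Dock Ethernet (constructed)"},
    {"time": "2016-09-08T12:10:00", "host": "WS-022", "id": 4800},
    {"time": "2016-09-08T12:10:20", "host": "WS-022", "id": 6416,
     "class": "Net", "device": "USB Ethernet adapter (constructed)"},
]


def adapters_added_while_locked(events):
    """Return one alert per network-class device first seen during a locked session."""
    locked_since = {}  # host -> time of the latest 4800 with no 4801 after it
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        host, when = ev["host"], datetime.fromisoformat(ev["time"])
        if ev["id"] == 4800:
            locked_since[host] = when
        elif ev["id"] == 4801:
            locked_since.pop(host, None)  # unlock ends the window of interest
        elif ev["id"] == 6416 and ev.get("class") == "Net" and host in locked_since:
            alerts.append({
                "host": host,
                "device": ev["device"],
                "time": ev["time"],
                "seconds_locked": int((when - locked_since[host]).total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for alert in adapters_added_while_locked(SAMPLE_EVENTS):
        print(alert)
```

A hit is a triage lead rather than proof, since a docking station that reconnects while the screen is locked also enumerates a network-class device.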

The time it takes to capture a machine’s credentials depends on the targeted system, but the researcher has managed to conduct the attack and obtain the username and password hash in just 13 seconds. The harvested hashes can then either be cracked or downgraded for use in pass-the-hash attacks.

Fuller has successfully reproduced the attack on Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1 and Windows 10. The expert has also conducted attacks against OS X El Capitan and Mavericks, but he has yet to confirm that the method works on configurations other than his own. Linux has not been tested.

The researcher has created a video demonstrating how the attack works against a Windows 10 machine.

“This is dead simple and shouldn’t work, but it does,” Fuller said in a blog post. “Also, there is no possible way that I’m the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn’t believe it was true).”

According to Fuller, both USB Armory, which costs $155, and LAN Turtle, priced at $50, have their advantages. While USB Armory is faster and more versatile, the LAN Turtle is easier to disguise and also offers the possibility of getting a shell on the targeted system. LAN Turtle developers announced that the device is backordered due to increased demand generated by Fuller’s new exploit.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
