PC – Stealing Credentials Now Made Easier and Cheaper



If you think stealing information from a PC or Mac computer needs to have millions of dollars-worth of sophisticated modern equipment just like in movies or TV shows, then you’re terribly wrong. We are now living in a time wherein physical access to one’s computer can be done with a very cheap device, and all it needs is just 20-seconds to complete. This is all due to a technique that only requires about $50-worth of hardware, and enough time for a long handshake to complete.

PC - Stealing Credentials Now Made Easier and Cheaper

Stealing Login Credentials From a PC or Mac is Now Made Easier

Principal security engineer at R5 industries Rob Fuller stated that the hack will work reliably on a PC with the Windows platform, and it has also been tested to work on a computer running on OS X as well. However, at the time of writing, he is also working with others in order to determine if this is just because of his setup that would deem the hacking technique to be a cause for worry.

So how does the hack work? It works by plugging in a thumb-drive-sized minicomputer into an unattended machine that is currently logged in by someone but is locked at the moment. Then, in just about 20 to 30-seconds, this device that is plugged in via the USB port of the Windows PC or Mac OS X computer will then obtain the user name and password hash that has been used to log into said machine. Think of it as those hacking devices that you see in movies and TV shows wherein the actor or actress just plugs in the device into a USB port of a computer, types in a few things, then immediately gets the information they want.

Fuller stated that this technique for hacking the credentials off of a PC or Mac was tested and proven to have worked on both the Hak5 Turtle and USB Armory, and both of these devices are USB-mounted computer that run on the Linux platform. To recall, the principal security engineer is also known by his hacker handle, mubix. “First off, this is dead simple and shouldn’t work, but it does,” mubix wrote in a blog post he had published on Tuesday. “Also, there is no possible way that I’m the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn’t believe it was true).” He also stated that there are some people who have made a similar setup to work on a RaspberriPi Zero.


ADVERTISEMENTS



Share This on Facebook

Up Next:
2016 Volkswagen Passat 2.0 TSI DSG Automatic Review - A Nice Change of Pace

2016 Volkswagen Passat 2.0 TSI DSG Automatic Review - A Nice Change of Pace

When looking for a full-sized sedan your choices are limited to among the popular brands, enter the 2016 Volkswagen Passat 2.0 TSI DSG in business edition trim and prepare to be treated with European class. While the VW may be more expensive than the Japanese competition it’s more than made up for with refinement, quality, and even fuel efficienc...Read More


 
PC – Stealing Credentials Now Made Easier and Cheaper
4.1 (81.9%) ratings from 21 users