If you think stealing information from a PC or Mac computer needs to have millions of dollars-worth of sophisticated modern equipment just like in movies or TV shows, then you’re terribly wrong. We are now living in a time wherein physical access to one’s computer can be done with a very cheap device, and all it needs is just 20-seconds to complete. This is all due to a technique that only requires about $50-worth of hardware, and enough time for a long handshake to complete.
Stealing Login Credentials From a PC or Mac is Now Made Easier
Principal security engineer at R5 industries Rob Fuller stated that the hack will work reliably on a PC with the Windows platform, and it has also been tested to work on a computer running on OS X as well. However, at the time of writing, he is also working with others in order to determine if this is just because of his setup that would deem the hacking technique to be a cause for worry.
So how does the hack work? It works by plugging in a thumb-drive-sized minicomputer into an unattended machine that is currently logged in by someone but is locked at the moment. Then, in just about 20 to 30-seconds, this device that is plugged in via the USB port of the Windows PC or Mac OS X computer will then obtain the user name and password hash that has been used to log into said machine. Think of it as those hacking devices that you see in movies and TV shows wherein the actor or actress just plugs in the device into a USB port of a computer, types in a few things, then immediately gets the information they want.
Fuller stated that this technique for hacking the credentials off of a PC or Mac was tested and proven to have worked on both the Hak5 Turtle and USB Armory, and both of these devices are USB-mounted computer that run on the Linux platform. To recall, the principal security engineer is also known by his hacker handle, mubix. “First off, this is dead simple and shouldn’t work, but it does,” mubix wrote in a blog post he had published on Tuesday. “Also, there is no possible way that I’m the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn’t believe it was true).” He also stated that there are some people who have made a similar setup to work on a RaspberriPi Zero.
Share This on Facebook