Friday, 16 September 2016

Hackers can steal credentials from locked Computers using USB hacking devices


A researcher named Rob Fuller has shown how easy it is for hackers to steal data from locked computers using a small USB device. Using physical access to the targeted device can capture its login details within few seconds as long as the machine is logged in.

Rob Fuller tested the attack method using USB Armory and Hak5 LAN turtle, two flash drive-size computers designed for penetration testing and few different security applications. USB configured to look like a DHCP server tricks the connected computer into communicating with it. These network communications, which contain credentials like usernames and passwords, can be captured by installing Responder, an open source tool.

#SecurityTip Don’t leave your workstation logged in, especially overnight, unattended, even if you lock the screen..

It took only 12 seconds to obtain the username and password hash. The hashes can be either cracked or using pass-the-hash attack. Fuller tested this attack method on Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1 and Windows 10.

 Short video made by Rob Fuller demonstrating how the attack works


Share:

0 comments:

Post a Comment