You’d think protecting your computer with a strong password can keep it safe, but apparently, all it takes to steal your log-in credentials is a $50 piece of hardware and an app. According to R5 Industries principal security engineer Rob Fuller, he was able to pilfer usernames and passwords from locked computers using a USB device loaded with a hacking app called Responder. The stolen passwords are encoded, sure, but once they’re in another person’s possession, they can be cracked. One of the small, Linux-powered computers he used (USB Armory) costs $155, but the other (Hak5 Turtle) costs only $50. Computers share log-in credentials with them, because they recognize the devices as trusted Ethernet adapters.
Fuller said the combination worked on all versions of Windows and even on El Capitan, though he still needs to check whether his Mac experiment was a fluke. He also said that the hack was so easy to pull off, he “tested it so many ways to confirm” since he had such a hard time believing it was possible.
He captured the process on cam, which you can watch below, and explained how it works in an email to Ars Technica:
“What is happening in the video, is the USB Armory is being plugged into a locked (but logged in) system. It boots up via the USB power, and starts up a DHCP server, and Responder. While it’s doing this, the victim is recognizing it as a Ethernet adapter. The victim then makes route decisions and starts sending the traffic it was already creating to the Armory instead of the “real” network connection. Responder does its job and responds to all kinds of services asking for authentication, and since most OSs treat their local network as “trusted” it sees the authentication request and automatically authenticates. Seeing that the database of Responder has been modified the Armory shuts down (LED goes solid).”
Read more at: engadget