Windows Login: Hacked with a USB-stick in a couple of seconds?

This device can be used to snag credentials from a locked Windows-PC.
This device can be used to snag credentials from a locked Windows-PC.
Locked Windows (or even OS X)-PCs might be vulnerable to a a quick drive-by-attack using network devices disguised as USB-sticks.

If you think, a locked Windows (or OS X) PC is secure, think again. Anyone with physical access to the device could apparently snag your credentials in a matter of seconds. Rob Fuller, also knows as mubix was able to do just that by plugging in a USB stick, that in reality was a small computer. Using this device, that appears to the PC as a network device he was able to get the PC to respond to DHCP and thereby change DNS servers and gateway information. In less than 20 seconds, the locked Windows PC redirected network traffic through the USB device, which then requested authentification and was presented with the login credentials of the currently logged in user.

Even if Windows did not give out the password in clear text but as a hash, this just caused a small delay. According to Rob, this worked with every Windows version up to Windows 10. He said, that he was also successful on OS X using the same technique but so far there is no proof on that yet. At the moment he is working to see if Linux is susceptible to this kind of attack as well. It is difficult to answer the obvious question, how you could prevent an attack like that? If someone has physical access to your PC and the necessary knowledge, he will succeed one way or another. An attack like this could obviously be prevented by disabling USB or DHCP but who does that?

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
News and Editorial Editor - Details here


Read all 2 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2016 09 > Windows Login: Hacked with a USB-stick in a couple of seconds?
Alexander Fagot, 2016-09-11 (Update: 2016-09-11)
Alexander Fagot
Alexander Fagot - Editor
As a former projectionist still used to working with 35 mm film and experience in computer assembling and overclocking, I was drawn to the professional IT crowd a couple of years back and started working in IT support, Windows administration and project management before discovering my love for traveling the world. Now I am working as a news editor from all parts of the world, mostly writing about gadgets and mobile gear for Notebookcheck.