Notebookcheck Logo
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Windows Login: Hacked with a USB-stick in a couple of seconds?

This device can be used to snag credentials from a locked Windows-PC.
This device can be used to snag credentials from a locked Windows-PC.
Locked Windows (or even OS X)-PCs might be vulnerable to a a quick drive-by-attack using network devices disguised as USB-sticks.
Alexander Fagot,

If you think, a locked Windows (or OS X) PC is secure, think again. Anyone with physical access to the device could apparently snag your credentials in a matter of seconds. Rob Fuller, also knows as mubix was able to do just that by plugging in a USB stick, that in reality was a small computer. Using this device, that appears to the PC as a network device he was able to get the PC to respond to DHCP and thereby change DNS servers and gateway information. In less than 20 seconds, the locked Windows PC redirected network traffic through the USB device, which then requested authentification and was presented with the login credentials of the currently logged in user.

Even if Windows did not give out the password in clear text but as a hash, this just caused a small delay. According to Rob, this worked with every Windows version up to Windows 10. He said, that he was also successful on OS X using the same technique but so far there is no proof on that yet. At the moment he is working to see if Linux is susceptible to this kind of attack as well. It is difficult to answer the obvious question, how you could prevent an attack like that? If someone has physical access to your PC and the necessary knowledge, he will succeed one way or another. An attack like this could obviously be prevented by disabling USB or DHCP but who does that?


Read all 2 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Alexander Fagot
Alexander Fagot - Managing Editor News - 8348 articles published on Notebookcheck since 2016
As a young tech enthusiast with a history involving assembling and overclocking projects, I ended up working as a projectionist with good old 35-mm films before I entered the computer world at a professional level. I assisted customers at an Austrian IT service provider called Iphos IT Solutions for seven years, working as a Windows client and server administrator as well as a project manager. As a freelancer who travels a lot, I have been able to write for Notebookcheck from all corners of the world since 2016. My articles cover brand-new mobile technologies in smartphones, laptops, and gadgets of all kinds.
contact me via: @alfawien
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2016 09 > Windows Login: Hacked with a USB-stick in a couple of seconds?
Alexander Fagot, 2016-09-11 (Update: 2016-09-11)