Windows Login: Hacked with a USB-stick in a couple of seconds?
If you think, a locked Windows (or OS X) PC is secure, think again. Anyone with physical access to the device could apparently snag your credentials in a matter of seconds. Rob Fuller, also knows as mubix was able to do just that by plugging in a USB stick, that in reality was a small computer. Using this device, that appears to the PC as a network device he was able to get the PC to respond to DHCP and thereby change DNS servers and gateway information. In less than 20 seconds, the locked Windows PC redirected network traffic through the USB device, which then requested authentification and was presented with the login credentials of the currently logged in user.
Even if Windows did not give out the password in clear text but as a hash, this just caused a small delay. According to Rob, this worked with every Windows version up to Windows 10. He said, that he was also successful on OS X using the same technique but so far there is no proof on that yet. At the moment he is working to see if Linux is susceptible to this kind of attack as well. It is difficult to answer the obvious question, how you could prevent an attack like that? If someone has physical access to your PC and the necessary knowledge, he will succeed one way or another. An attack like this could obviously be prevented by disabling USB or DHCP but who does that?