1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A USB device is all it takes to steal credentials from locked PCs

Discussion in 'CSO' started by RSS, Sep 8, 2016.

  1. RSS

    RSS New Member Member

    Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week.

    Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks.

    For his attack, Fuller used a flash-drive-size computer called USB Armory that costs $155, but the same attack can be pulled off with cheaper devices, like the Hak5 LAN Turtle, which costs $50.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page