A $50 Device Can Easily Steal Your Login Password
We have always been advised to use a strong password, as it meant to keep your computer secure. Well but that also seems to be of little help as one can steal your login credentials using a $50 piece of hardware and an app.
R5 Industries principal security engineer Rob Fuller in one of the videos posted on YouTube claims he was able to steal username and password from a locked computer using a USB device loaded with a hacking app called Responder.
He says the stolen passwords are encoded yet they can be cracked once they are in possession of another person. He demonstrates this in the video where he uses a small Linux-powered computer USB Armory which cost $155, though Hak5 Turtle a $50 can be used. Computers share login details with them as they recognize the devices as trusted Ethernet adapters.
Fuller said he tried the combination with both operating systems ie Windows and EI Capitan, though he needs to confirm whether his Mac Experiment was a fluke. He confirmed that the hack was so easy to pull off since he had a hard time believing it was possible he “tested it so many ways to confirm,”
The whole procedure he captured on the cam, which you can watch below, and explained how it works in an email to Ars Technica:
What is happening in the video, is the USB Armory is being plugged into a locked (but logged in) system. It boots up via the USB power, and starts up a DHCP server, and Responder. While it’s doing this, the victim is recognizing it as a Ethernet adapter. The victim then makes route decisions and starts sending the traffic it was already creating to the Armory instead of the “real” network connection. Responder does its job and responds to all kinds of services asking for authentication, and since most OSs treat their local network as “trusted” it sees the authentication request and automatically authenticates. Seeing that the database of Responder has been modified the Armory shuts down (LED goes solid).
If you are exclusively using your computer at home and there is nobody living there you don’t trust you need not worry. But it would be a little risky if you happen to carry your laptop to coffee shops and other places. It’s always better to make sure you never leave your computer unattended.