Locking your computer and using a strong password to log back in are two of the most basic security practices we are always advised to follow. In office spaces, the lock screen is a convenient feature that suspends your activities and protects your work from would-be visual snoopers without shutting your computer down completely.
But is the lock screen still as safe as it is traditionally assumed to be?
According to R5 Industries’ principal security engineer Rob Fuller, aka mubix, there’s a quick and easy way of stealing login credentials from a locked computer, using a method that requires a mere $50 worth of hardware.
In his blog post, Fuller detailed a technique where he was able to steal Windows user credentials by plugging a USB stick mini-computer into a locked computer. In about 20 seconds, he was able to scoop the login name and password of the current user using an authentication hacking application called Responder.
For his demonstration, Fuller used the $155 flash-drive-sized Linux computer USB Armory, but he says his method will work with the cheaper $50 Hak5 Turtle, a similar Linux-based USB stick mini-computer.
His hack works like this: when the USB stick is plugged into a locked (but logged-in) PC, it boots up and proceeds to emulate a USB Ethernet device. It then starts a DHCP server to make the USB device the default gateway of the PC, routing all network traffic through it. The app Responder is then used to grab the authentication tokens for decryption.
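A defensive check for the behaviour described above, as an added example that is not from Fuller's post or this article: it flags a network adapter that enumerates while the workstation is locked, by correlating Windows Security events 4800/4801 (lock/unlock) with 6416 (new external device recognized). The flattened record layout, field names and sample events are constructed for illustration, and these events are only logged when the corresponding audit policies are enabled.

```python
from datetime import datetime

# Windows Security event IDs: workstation locked / unlocked, and
# "a new external device was recognized by the system".
LOCKED, UNLOCKED, NEW_DEVICE = 4800, 4801, 6416

def net_devices_added_while_locked(events):
    """Return (host, time, device_name, locked_since) for every network-class
    device that enumerated while that host's session was locked."""
    locked_since = {}  # host -> timestamp of the lock currently in effect
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        host = ev["host"]
        if ev["id"] == LOCKED:
            locked_since[host] = ev["time"]
        elif ev["id"] == UNLOCKED:
            locked_since.pop(host, None)
        elif (ev["id"] == NEW_DEVICE and host in locked_since
              and ev.get("class_name") == "Net"):
            alerts.append((host, ev["time"], ev["device_name"], locked_since[host]))
    return alerts

# Constructed sample records (hypothetical flattened export, not real logs).
SAMPLE_EVENTS = [
    {"host": "WS-01", "id": 4800, "time": "2024-01-15T12:00:00"},
    {"host": "WS-01", "id": 6416, "time": "2024-01-15T12:02:00",
     "class_name": "Keyboard", "device_name": "HID Keyboard Device"},
    {"host": "WS-01", "id": 6416, "time": "2024-01-15T12:03:10",
     "class_name": "Net", "device_name": "USB Ethernet/RNDIS Gadget"},
    {"host": "WS-01", "id": 4801, "time": "2024-01-15T12:20:00"},
    {"host": "WS-01", "id": 6416, "time": "2024-01-15T12:25:00",
     "class_name": "Net", "device_name": "Dock Ethernet Adapter"},
    {"host": "WS-02", "id": 6416, "time": "2024-01-15T12:03:10",
     "class_name": "Net", "device_name": "Dock Ethernet Adapter"},
]

if __name__ == "__main__":
    for alert in net_devices_added_while_locked(SAMPLE_EVENTS):
        print("network adapter added while locked:", alert)
```

Only the adapter that appears between the lock and unlock on WS-01 is reported; the keyboard, the post-unlock dock and the never-locked host are ignored.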