This $50 Hak5 Turtle Can Steal Login Credentials From Unattended, Locked Macs And PCs

You might think that logging out of your PC before leaving it unattended for a short time is relatively safe, but you'd be wrong. A security engineer at R5 Industries demonstrated how incredibly easy it is to swipe the login credentials of a locked Mac or Windows PC using just a $50 USB device that's available to anyone and everyone online.

His name is Rob Fuller and he has an extensive history in information security. He's helped design and build cyber defenses for the U.S. Marine Corps and Pentagon, has worked with Fortune 50 companies to tighten their online defenses, and even served as a technical advisor for HBO's original comedy Silicon Valley. You might also recognize him as the host of Hak5's Metasploit Minute.

Hak5 Turtle

This guy lives and breathes computer security, and in a recent blog post he described how frighteningly simple it is to swipe login credentials using a mini PC that's about the size of a USB flash drive.

"First off, this is dead simple and shouldn’t work, but it does. Also, there is no possible way that I’m the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn’t believe it was true)," Fuller begins.

His post mainly focuses on stealing login information using a USB Armory that sells for $155, but he says the same thing can be accomplished with a Hak5 Turtle that sells for a third of the price. Both are essentially tiny Linux PCs that are able to emulate a USB Ethernet device.

"If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked). (..or do even more, but we’ll save that for another time, this post is already too long)," Fuller goes on toe explain.

There's some configuring that needs to be done for this to work, such as setting up the USB device as a DHCP server. Once it's setup, a hacker need only plug the device into a locked PC. It takes about 13 seconds for the modified USB device to steal login credentials. Check it out:



Fuller says he's successfully tested the hack on Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 (Home and Enterprise), and Mac OS X El Capitan and Mavericks. He hasn't had a chance to test it on Linux but is planning to do so.

Tags:  security, Hacking, hak5
Via:  Rob Fuller
Show comments blog comments powered by Disqus