Here’s How Your Windows Passwords Can Be Hacked In 13 Seconds

For some years the security rules dictate that it is best to always have a password enabled on our computer, a measure that we know is not 100% safe but it helps to have an additional layer to protect our information.

How To Create Fake Blue Screen Of Death In Windows

Within these “customs” many users usually activate the lock when they are about to move away from their computers temporarily, blocking where the session is still open. This measure might seem like a good habit, however, today we will see that it is not, since it has been discovered that a computer in this state is the perfect victim to extract access credentials.

Rob Fuller, a security engineer for R5 Industries, has discovered that operating systems such as Windows and OS X are prone to credential theft when locked with active sessions, as the computer maintains many of the active processes where the hash or digital signature of the user, including the network connection, has been registered.

Microsoft Was Hacked In 2013, Never Said Anyone

To access this digital signature you only need to connect a USB device for a few seconds to violate the hash and store it in the device, which will later serve to access other “protected” services where network services are included.

To demonstrate the vulnerability, Fuller has used a unit known as USB Armory, which is available on the market for approximately $155, which must be programmed to simulate a USB to Ethernet LAN adapter, which will become the interface of the main network of the computer to be hacked.

This is possible because the vast majority of computers are programmed to automatically install USB devices that connect, and when the USB device is a network card, the computer configures it to become the main gateway.

#SecurityTip Don't leave your workstation logged in, especially overnight, unattended, even if you lock the screen.. 😉

— Rob Fuller (@mubix) September 7, 2016

With this, the attacker becomes the control of the network configuration, which will give access to DNS, the configuration of proxies, among other things, but more importantly, it allows you to intercept and manipulate all the network traffic that occurs on the computer “locked”.

Russian Hackers Stole Secret NSA Data With The Help Of Kaspersky

All that traffic that occurs while the session is open allows you to use the extracted NTLM (NT LAN Manager) hash to access the account name and password in approximately 13 seconds.

Fuller tested this method on a couple of computers with Windows 8 and 10 as well as OS X, but still can not confirm that the Mac case is due to a default failure in the operation or is due to a configuration that does vulnerable. Meanwhile, the recommendation is to shut down completely, block disconnecting the network connection, or in any case shut down the computer completely, as Fuller mentions: “It is not possible for me to be the first to have discovered this.”

This $500 Device Can Hack Three iPhone 7s In Just 1 Second

So, if you liked this article then simply do not forget to share this article with your friends and family.