A security researcher has demonstrated a way to determine the password needed to access a Windows or OS X protected. Rob Fuller using a technique, if the equipment in question is locked and SoC-based USB to break the User Credentials device is used.
By changing the firmware of a USB device, Fuller was able to make the device appears as an Ethernet adapter. Posing for a network connection, it is possible to fool a target computer to give up an account password.
Fuller provides a detailed analysis of how the attack works on a website outage. The trick can be achieved by using a very cheap material, and Fuller said that "it's simple and death should not work but does."
While the attacker should have physical access to a computer to take advantage of the exploit, the evidence shows that 13 seconds is all you need to collect passwords. Fuller has managed to conduct successful attacks using USB Tortoise and the Armoury Hak5 in all versions of Windows to Windows 10 (not Windows 8 for some reason) and OS X captain.
No comments:
Post a Comment