Security Engineer Finds Way to Steal Login Information from Locked PCs and Macs
The only things needed are a small $50 device and 20 seconds of physical access to the computer
Rob Fuller, a principal security engineer working at R5 Industries, has discovered a way to steal login information from a logged-in PC or Mac…even when the computer is locked.
According to Ars Technica, the hacker simply plugs a flash-sized minicomputer into a USB port of a computer that's logged in but locked. It will be only about 20 seconds before the USB device obtains the username and password used to log in on the computer.
"First off, this is dead simple and shouldn't work, but it does," Fuller wrote in a blog post. "Also, there is no possible way that I'm the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn't believe it was true)."
After that, the hacker simply needs to either crack or downgrade the password in order to access the computer.
So far, Fuller notes, the hack works well on Windows and has also worked on his personal OS X device, though he has not yet determined if it will work on other Macs.