Security engineer at R5 Industries Rob Fuller has published a blog post in which he explains that it is easy to grab the login credentials from a locked Windows or Mac PC.
The hack works on machines that are logged in, but locked. If you haven’t logged in, the machine isn’t vulnerable to this attack.
To execute the attack, you configure one of the USB-mounted computers to become a DHCP server and the computer’s default gateway to the Internet.
Combined with a hacking tool called Responder, the device can then receive authentication tokens. These authentication hashes can then either be cracked or downgraded to gain access to the machine.
Fuller told Ars Technica that some hackers were able to get a similar setup working on a Raspberri Pi Zero, reducing the cost of the hack to $5.
He also said that although he has confirmed that the hack works reliably, he is working with others to make sure it is not just his setup that is vulnerable.