All you need to hack a locked Windows or Mac PC is a R700 device

Security engineer at R5 Industries Rob Fuller has published a blog post in which he explains that it is easy to grab the login credentials from a locked Windows or Mac PC.

The hack works on machines that are logged in, but locked. If you haven’t logged in, the machine isn’t vulnerable to this attack.

Fuller said that with a $50 (R700) Hak5 LAN Turtle, or a $155 (R2,170) USB Armory he was able to get the login credentials of a locked machine in an average of 13 seconds.

To execute the attack, you configure one of the USB-mounted computers to become a DHCP server and the computer’s default gateway to the Internet.

Combined with a hacking tool called Responder, the device can then receive authentication tokens. These authentication hashes can then either be cracked or downgraded to gain access to the machine.

Fuller told Ars Technica that some hackers were able to get a similar setup working on a Raspberri Pi Zero, reducing the cost of the hack to $5.

He also said that although he has confirmed that the hack works reliably, he is working with others to make sure it is not just his setup that is vulnerable.

More security news

The South African government departments exposed in the Brazzers porn forum hack

How to hide everything you do on the Internet

MacOS BitTorrent client infected with malware

NSA cybersecurity hack – this is what happened

This is how easy it is to steal your ADSL username and password