A researcher named Rob Fuller has shown how easy it is for hackers to steal data from locked computers using a small USB device. Using physical access to the targeted device can capture its login details within few seconds as long as the machine is logged in.
Rob Fuller tested the attack method using USB Armory and Hak5 LAN turtle, two flash drive-size computers designed for penetration testing and few different security applications. USB configured to look like a DHCP server tricks the connected computer into communicating with it. These network communications, which contain credentials like usernames and passwords, can be captured by installing Responder, an open source tool.
#SecurityTip Don’t leave your workstation logged in, especially overnight, unattended, even if you lock the screen.. 😉
— Rob Fuller (@mubix) September 7, 2016
It took only 12 seconds to obtain the username and password hash. The hashes can be either cracked or using pass-the-hash attack. Fuller tested this attack method on Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1 and Windows 10.
Short video made by Rob Fuller demonstrating how the attack works
Cost of USB Armoy $155 and Hak5 Turtle $50, which is used in the exploit.