Security News Modified USB Ethernet Adapter Can Steal Windows and Mac Credentials

Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Security researcher Rob Fuller has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested).

Fuller's attack is effective against locked computers on which the user has already logged in.

The researcher used USB-based Ethernet adapters, for which he modified the firmware code to run special software that sets the plug-and-play USB device as the network gateway, DNS, and WPAD servers on the computer it's connected to.

Attack works because computers trust PnP devices
The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device.

"Why does this work? Because USB is Plug-and-Play. This means that even if a system is locked out, the device still gets installed," Fuller wrote on his blog yesterday.

"Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list."

Modified USB Ethernet adapter logs PC credentials
When installing the new (rogue) plug-and-play USB Ethernet adapter, the computer will give out the local credentials needed to install the device.

Fuller's modified device includes software that intercepts these credentials and saves them to an SQLite database.

The researcher's modified device also includes a LED that lights up when the credentials have been recorded.

Attack average runtime is 13 seconds
An attacker would need physical access to a device to plug in the rogue USB Ethernet adapter, but Fuller says the average attack time is 13 seconds.

Fuller couldn't believe this type of attack was possible, so he tested the scenario with USB Ethernet dongles such as USB Armory and Hak5 Turtle.

He says the attack was successful against Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 (Enterprise and Home), OS X El Capitan, and OS X Mavericks. The researcher is planning to test the attack against several Linux distros as well. Below is a video of Fuller's attack in action.
Click to expand...


 
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
USB drive malware attacks spiking again in first half of 2023
Replies
0
Views
1,046
News Archive
silversurfer
silversurfer
Victor M
    • Wow
    • Like
Hot Take ASUS VivoBook BIOS disable WiFi does not disable. Peer Mode Attack
Replies
3
Views
936
Hardware Discussions
Victor M
Victor M
H
    • +Reputation
    • Like
    • Thanks
Guide | How To A Comprehensive Protection of USB Ports/Devices
Replies
8
Views
2,482
Guides - Privacy & Security Tips
simmerskool
simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top