Locking your computer and using a strong password to log back in are two of the most basic computer security practices we are always advised to follow. In office spaces, the lock screen is a convenient feature that suspends your activities and protects your work from would-be visual snoopers without completely shutting your computer down.
But is the lock screen still as safe as we have traditionally assumed?
According to R5 Industries' principal security engineer Rob Fuller, aka mubix, there's a quick and easy way of stealing login credentials from a locked computer using a mere $50 worth of hardware.
In his blog post, Fuller detailed a technique where he was able to steal Windows user credentials by plugging a USB stick mini-computer into a locked computer. In about 20 seconds, he was able to scoop the login name and password of the current user using an authentication hacking application called Responder.
For his demonstration, Fuller used the USB Armory, a $155 flash-drive-sized Linux computer, but he says his method will work with the cheaper $50 Hak5 Turtle, a similar USB stick Linux-based mini-computer.
His hack works like this: when the USB stick is plugged into a locked (but logged-in) PC, it boots up and emulates a USB Ethernet device. It then starts a DHCP server to make the USB device the default gateway of the PC, routing all network traffic through it. The app Responder is then used to grab the authentication tokens for decryption.
Fuller also posted a YouTube demonstration of the hack in action.
Fuller says that his technique works on all versions of Windows. He even managed to make it work with OS X El Capitan, but he is still trying to confirm whether it's just his Mac setup that's exploitable. He also says that he has seen other people test the technique with the Raspberry Pi Zero, bringing the potential hardware cost of this hack down to $5.
Now that this exploit is out, what could you do to protect yourself from an attack like this?
Since the hacker will still need physical access to a computer to execute this technique, Fuller advises not to "leave your workstation logged in, especially overnight, unattended, even if you lock the screen."
Until Microsoft addresses this problem, to prevent this hack, we'll have to completely log out or shut down our computers when we leave them unattended. It's a hassle for sure, but better safe than sorry.
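The technique described above depends on Windows installing a new USB network adapter while the session is locked, which is something a defender can alert on. The following is an added detection example, not code from Fuller's post: it correlates Windows Security events 4800 (workstation locked), 4801 (unlocked) and 6416 (new external device recognized). The event records, their field layout and the host and device names are constructed assumptions.

```python
"""Flag network adapters that Windows installs while the session is locked."""
from datetime import datetime

# Windows Security log event IDs (logged only with the matching audit policies).
LOCKED, UNLOCKED, NEW_DEVICE = 4800, 4801, 6416

# Constructed sample events, not taken from a real host. The dict layout
# (time/id/host/class/device) is an assumed export format from a log pipeline.
SAMPLE_EVENTS = [
    {"time": "2016-09-07T18:02:11", "id": 4800, "host": "WS-042"},
    {"time": "2016-09-07T18:40:03", "id": 6416, "host": "WS-042",
     "class": "Net", "device": "USB Ethernet/RNDIS Gadget"},
    {"time": "2016-09-08T08:55:47", "id": 4801, "host": "WS-042"},
    {"time": "2016-09-08T09:10:20", "id": 6416, "host": "WS-042",
     "class": "Net", "device": "Docking Station Ethernet"},
    {"time": "2016-09-08T12:01:00", "id": 4800, "host": "WS-042"},
    {"time": "2016-09-08T12:05:30", "id": 6416, "host": "WS-042",
     "class": "HIDClass", "device": "USB Keyboard"},
]


def adapters_added_while_locked(events):
    """Return one alert per network-class device recognized during a lock."""
    locked_since = {}  # host -> time the current lock began
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        host, when = ev["host"], datetime.fromisoformat(ev["time"])
        if ev["id"] == LOCKED:
            locked_since[host] = when
        elif ev["id"] == UNLOCKED:
            locked_since.pop(host, None)
        elif ev["id"] == NEW_DEVICE and ev.get("class") == "Net":
            # Only the "Net" device setup class matters here: the attack
            # needs a new Ethernet interface, not a keyboard or storage.
            if host in locked_since:
                elapsed = (when - locked_since[host]).total_seconds()
                alerts.append({"host": host, "device": ev["device"],
                               "locked_for_s": int(elapsed)})
    return alerts


if __name__ == "__main__":
    for alert in adapters_added_while_locked(SAMPLE_EVENTS):
        print(alert)
```

Event 6416 is written only when the "Audit PNP Activity" subcategory is enabled, and 4800/4801 only with "Audit Other Logon/Logoff Events", so both need to be turned on for this correlation to see anything.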
To read more about the technical details of this new hack, check out Fuller's full blog post.