$50 Device Could Hack Countless Computers

Image courtesy of Mike Cook Foto

We’ve probably all done it in the past: left our computer open, but locked, thinking no one would be able to gain access. But security researchers say we shouldn’t feel so confident about the security of our data, especially now that there’s an inexpensive device that can snatch login credentials from locked computers in a matter of seconds.

Security engineer Rob Fuller says in a blog post that he discovered a hack that could leave countless laptops — both PCs and Macs — vulnerable to hack attacks.

“First off, this is dead simple and shouldn’t work, but it does,” Fuller wrote in the post.

According to Fuller, the hack works by plugging in a flash-sized minicomputer — such as a $50 Hak5 Turtle — into an unattended computer that is logged in, but currently locked.

Once plugged in the device becomes the default gateway able to receive traffic and can obtain the computer’s user name and password in about 20 seconds.

The procured password can then either be cracked or downgraded, Fuller says, to gain access to the device.

While Fuller says the hack has worked reliably on Windows devices, it has only succeed on his personal OS X device, and not yet on other Apple computers.

Fuller tells ArsTechnica that he’s working on another post suggesting ways in which device owners can prevent the hack.

[via ArsTechnica]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.