Sure you’ve ever used a USB Ethernet adapter to connect to the network of networks without major problems, but impersonate one of these adaptersStealing data is so easy that it is obscene.
There are different ways to connect to a local network: we have the WiFi that we use every day and we have the Ethernet, those cables that are not used as much but are still essential in many environments. Both forms have their advantages and each will have their preferences, but Mubix Rob Fuller, a researcher specialized in computer security, has discovered a very big flaw that allows us to steal data through a USB Ethernet adapter.
This steals data through a USB Ethernet adapter
First of all, it should be noted that what is necessary for this attack not your typical USB Ethernet adapter that you can buy for four duros in the Todo 100 from the corner; are specialized hack USB tools who pose as USB Ethernet adapters with the right tools, and are available to anyone with knowledge and $ 50 in their bank account.
These tools, once configured, exploit different tricks to sneak in as a reliable usb ethernet adapter when the computer is locked. Our operating system will install what is necessary to run (what it thinks is) an Ethernet adapter even though it is blocked, computers do not stop creating traffic relying on their local network and the system tends to rely on a wired network rather than on a network. wireless.
Fuller has taken advantage of all this to create a system with which stealing the credentials of a locked computer. Plug in your USB Ethernet adapter and just wait for the computer to turn on the dummy adapter and start using it as a local network, the dummy adapter will take over the credentials of the computer and shutdown only in a process that takes 13 seconds on average .
Fuller himself states in his article that it’s so simple it shouldn’t work, and that you are sure that you cannot be the first to discover thisYou have successfully tested your attack on Windows 10, 7, XP, 2000 and 98, and other systems like macOS may also be affected for lack of more exhaustive checks.