Modified USB Ethernet Adapter Can Steal Windows and Macintosh Credentials

Security researcher Rob Fuller has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested). Fuller’s attack is effective against locked computers on which the user has already logged in.

The researcher used USB-based Ethernet adapters, for which he modified the firmware code to run special software that sets the plug-and-play USB device as the network gateway, DNS, and WPAD servers on the computer it’s connected to.

You can read more at http://goo.gl/5GnfMt.

Moral of this story: don’t use any USB ethernet cables from unknown sources and don’t allow anyone else to install USB ethernet cables on your equipment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s