IT Security Brief: Open USB Ports Allow Credentials To Be Stolen


Overview:


A security vulnerability in the Windows operating system allows an attacker with physical access to a computer to retrieve the credentials of a logged-in user (even if the computer is locked). Once an attacker has credentials, he is going to have an easier time getting a foothold in your network, especially if he already has physical access.

Windows treats all local networks as trusted sources. When the USB device is plugged in, it acts as an Ethernet card and Windows attempts to authenticate against it; the device saves that authentication attempt into a local database. Total time is less than 15 seconds.

This attack is possible using anything from a $5 Raspberry Pi up to a $155 USB Armory.

Also, because there are now USB sticks that will instantly fry anything they are connected to, the same mitigation steps can be used to prevent that kind of malicious attack.

Mitigation:

Don’t allow unauthorized people near your computer.

Keep servers and other network infrastructure in locked areas.

Log out of your computer when it is in a public place and not in use.

Do not connect the USB ports on your monitor.
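Where physical controls cannot be guaranteed, the behaviour described in the overview (a new network adapter appearing on a locked machine) can also be checked for in logs. The following is an added example, not part of the original brief: it assumes Windows Security events 4800 (workstation locked), 4801 (unlocked) and 6416 (new external device recognized) are being audited and exported, and the record field names and sample data are constructed for illustration.

```python
from datetime import datetime

# Windows Security event IDs (logged only when the matching audit policy is on)
LOCKED, UNLOCKED, NEW_DEVICE = 4800, 4801, 6416
NET_CLASS = "Net"  # device setup class name Windows uses for network adapters

# Constructed sample: simplified records as they might look after export.
# The dict keys ("time", "id", "host", "class", "device") are assumptions.
SAMPLE_EVENTS = [
    {"time": "2016-09-07T09:00:00", "id": 4801, "host": "WS01"},
    {"time": "2016-09-07T09:05:00", "id": 6416, "host": "WS01",
     "class": "Net", "device": "Docking Station Ethernet"},
    {"time": "2016-09-07T12:30:00", "id": 4800, "host": "WS01"},
    {"time": "2016-09-07T12:41:10", "id": 6416, "host": "WS01",
     "class": "DiskDrive", "device": "USB Flash Disk"},
    {"time": "2016-09-07T12:42:03", "id": 6416, "host": "WS01",
     "class": "Net", "device": "USB Ethernet/RNDIS Gadget"},
    {"time": "2016-09-07T13:15:00", "id": 4801, "host": "WS01"},
    {"time": "2016-09-07T13:20:00", "id": 6416, "host": "WS01",
     "class": "Net", "device": "USB Ethernet Adapter"},
]


def adapters_added_while_locked(events):
    """Return alerts for network-class devices first seen on a locked host."""
    locked_since = {}  # host -> time of the lock event still in effect
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        host, when = ev["host"], datetime.fromisoformat(ev["time"])
        if ev["id"] == LOCKED:
            locked_since[host] = when
        elif ev["id"] == UNLOCKED:
            locked_since.pop(host, None)
        elif ev["id"] == NEW_DEVICE and host in locked_since:
            if ev.get("class", "").lower() == NET_CLASS.lower():
                alerts.append({
                    "host": host,
                    "device": ev.get("device", "unknown"),
                    "time": ev["time"],
                    "seconds_after_lock": int(
                        (when - locked_since[host]).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in adapters_added_while_locked(SAMPLE_EVENTS):
        print(alert)
```

Adapters added while the session is unlocked (a docking station, for example) and non-network devices are ignored, so only the one event that matches the scenario in this brief is reported.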

Additional Information:

https://room362.com/post/2016/snagging-creds-from-locked-machines/

https://github.com/Spiderlabs/Responder

https://inversepath.com/usbarmory

https://lanturtle.com/wiki/#!videos.md

USB Destroyer:

http://www.zdnet.com/article/now-you-can-buy-a-usb-stick-that-destroys-laptops/