A security researcher by the name of Rob Fuller has posted an article on Softpedia where he has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested). He used USB ethernet adapters where he modified the firmware code so that it runs special software which sets the plug-and-play USB device as the network gateway, DNS, and WPAD servers on the computer its connected to.
The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device, even if the computer is locked after a user has been logged in.
How It Works
When installing the new (rogue) plug-and-play USB Ethernet adapter, the computer will give out the local credentials needed to install the device. Fuller’s modified device includes software that intercepts these credentials and saves them to an SQLite database. The researcher’s modified device also includes a LED that lights up when the credentials have been recorded.
An attacker would need physical access to a device to plug in the rogue USB Ethernet adapter, but the average attack only takes about 13 seconds.
He says the attack was successful against Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 (Enterprise and Home), OS X El Capitan, and OS X Mavericks. He has plans to test the attack on various Linux distros as well.
Video Of The Attack