
Here is one more reason never to let your Windows laptop out of your sight in a public place


Keep your Windows 10 laptop secure and up to date

Microsoft has fully embraced a philosophy of security, through biometrics and hardware-based encryption, to the point where it is harder than ever to hack a new laptop, tablet or desktop running Windows 10, and certainly much harder than it was on systems running Windows XP and Windows 7.

With that said, no hardware or software will be 100% secure, and flaws are found every day, which is why it’s more important than ever to keep your system up to date.

Last week, YouTube user Rob Fuller posted a video in which he shows how to steal credentials from a Windows PC while the screen is locked. Fuller’s account of how he accomplished this is recounted in detail on his blog at room362.com. In his post, Fuller explains that the procedure works on Windows PCs as well as on Macs, and lists all the operating systems tested:

  • Windows 98 SE
  • Windows 2000 SP4
  • Windows XP SP3
  • Windows 7 SP1
  • Windows 10 Enterprise/Home
  • OS X El Capitan / Mavericks

The hack consists of using a USB micro PC, either a $155 USB Armory or a $49.99 Hak5 Turtle. Both devices can easily be loaded with “Responder”, a suite of tools created by Python hacker Laurent Gaffié, and programmed to present themselves as a portable network server, or as any number of devices capable of working their way into a system.

In Fuller’s YouTube video we can see how easy it is to steal credentials from a locked system, simply by plugging the device into a USB port and letting it do its work.

Fuller himself was amazed at how easy this hack is to perform; it exploits the Plug and Play functionality built into every operating system, from Windows to OS X and Linux.

Plug and Play was first implemented in 1995 with the release of Microsoft Windows 95. It attempted to automate the detection of hardware devices, which previously had to be configured by hand, either in hardware (DIP switches) or in software (IRQ/DMA interrupt settings). The ability to auto-detect peripherals was a major selling point with early adopters of personal computers, because it made installing devices a lot easier for users who were not computer-literate.

Today, USB and Ethernet/LAN are the two primary receptacles for Plug and Play hardware, and unfortunately they are also the two elements responsible for the success of this hack.

Plug and Play works in such a way that a number of checks normally performed during the regular installation of hardware and software drivers on an unlocked computer are partially bypassed, so that devices are ready for use by the time the computer is unlocked.

One example is the Wi-Fi receiver, which in Windows 10 connects immediately after booting up, while the lock screen is still loading. Other, more basic examples are the auto-detection of mice and keyboards.

It was pointed out in a comment on Fuller’s blog that such an attack could be stopped simply by turning off automatic device installation for network devices, while allowing a manual override for users who need to connect USB devices such as mobile phones, Wi-Fi receivers, external drives, etc. This can be accomplished by opening the Group Policy Editor in Control Panel (Windows) and navigating to Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions > “Prevent installation of devices using drivers that match these device setup classes”.

In the dialog box under Options, click “Show...” and input the following string:

{4d36e972-e325-11ce-bfc1-08002be10318}

After a reboot, devices in that setup class will no longer be allowed to install drivers automatically unless they have been whitelisted.
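As an added example (not part of the original post or of Fuller’s write-up), here is the same restriction applied from an elevated PowerShell prompt instead of the Group Policy Editor, together with a check that the policy took effect and an inventory of the network-class devices Windows knows about. It assumes the policy is backed by the DeviceInstall\Restrictions registry key below, which is where the Group Policy Editor stores this setting.

```powershell
# Added example: deny automatic driver installation for the Net device setup
# class quoted above, then audit the network adapters present on the machine.
# Assumption: the policy lives under the registry path below (the ADMX-backed
# location the Group Policy Editor writes to). A reboot is still required.

$RestrictionsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$NetClassGuid    = '{4d36e972-e325-11ce-bfc1-08002be10318}'   # Net setup class (from the post)

function Enable-NetClassInstallRestriction {
    # Create the policy key and the list of denied setup classes.
    $denyKey = Join-Path $RestrictionsKey 'DenyDeviceClasses'
    New-Item -Path $denyKey -Force | Out-Null
    # Turn the restriction on. Retroactive=0 leaves adapters that are already
    # installed (the built-in Wi-Fi and Ethernet) working; only new ones are blocked.
    Set-ItemProperty -Path $RestrictionsKey -Name 'DenyDeviceClasses' -Value 1 -Type DWord
    Set-ItemProperty -Path $RestrictionsKey -Name 'DenyDeviceClassesRetroactive' -Value 0 -Type DWord
    # The deny list is a set of string values named 1, 2, 3 ... each holding one GUID.
    Set-ItemProperty -Path $denyKey -Name '1' -Value $NetClassGuid -Type String
}

function Get-NetClassInstallRestriction {
    # Returns $true only when the policy is on AND the Net class is in the deny list.
    $denyKey = Join-Path $RestrictionsKey 'DenyDeviceClasses'
    if (-not (Test-Path $denyKey)) { return $false }
    $enabled = (Get-ItemProperty -Path $RestrictionsKey -ErrorAction SilentlyContinue).DenyDeviceClasses
    $listed  = (Get-ItemProperty -Path $denyKey).PSObject.Properties |
               Where-Object { $_.Value -is [string] -and $_.Value -ieq $NetClassGuid }
    return ($enabled -eq 1) -and ($null -ne $listed)
}

function Get-NetAdapterInventory {
    # Lists every Net-class device Windows has ever installed (present or not),
    # so an unexpected USB network adapter stands out during a review.
    Get-PnpDevice -Class Net |
        Select-Object Status, FriendlyName, InstanceId |
        Sort-Object Status -Descending
}

Enable-NetClassInstallRestriction
"Net class blocked by policy: $(Get-NetClassInstallRestriction)"
Get-NetAdapterInventory | Format-Table -AutoSize
```

Run Get-NetAdapterInventory again after the reboot: a blocked device shows up with an error status rather than as a working adapter.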

On OS X or Linux there may be other procedures to prevent this type of attack from happening.


Ready to shop?

PortableOne has the best deals on Windows 10 Pro laptops, featuring the latest hardware-based security features, and full BitLocker encryption to protect your files from prying eyes.

