You’d think protecting your computer with a strong password can keep it safe, but apparently, all it takes to steal your log-in credentials is a $50 piece of hardware and an app. According to R5 Industries principal security engineer Rob Fuller, he was able to pilfer usernames and passwords from locked computers using a USB device loaded with a hacking app called Responder. The stolen passwords are encoded, sure, but once they’re in another person’s possession, they can be cracked. One of the small, Linux-powered computers he used (USB Armory) costs $155, but the other (Hak5 Turtle) costs only $50. Computers share log-in credentials with them, because they recognize the devices as trusted Ethernet adapters.
Fuller said the combination worked on all versions of Windows and even on El Capitan, though he still needs to check whether his Mac experiment was a fluke. He also said that the hack was so easy to pull off, he “tested it so many ways to confirm” since he had such a hard time believing it was possible.