The Information Security standards dictate us that it is mandatory to have a password enabled on your computer, a measure that we know is not 100% sure but it helps to have an extra layer to protect our information. Many users often block the computer when they are about leave temporarily and the session is still open. It has been found that it is possible to remove the access credentials with a simply device
Rob Fuller, an engineer for R5 Industries found that operating systems like Windows and Mac OS are prone to credential theft when they are blocked with active sessions, because the computer keeps many process assets where the hash or digital signature of the user is registered, including network connection.
All you need is to connect an USB device for a few seconds in order to violate the hash and store in the device, which then serve to access other services “protected” where network services are included. His theory is based on the demonstration made through USB Armory, which must be programmed to simulate be a USB LAN to Ethernet adapter so that it will become the primary network interface on the computer you want to hack.
With this, the attacker will control the network configuration, which will give access to DNS, configuring proxies, among other things, but most important is that it allows to intercept and manipulate all network traffic that occurs on the computer “locked”.