Something more reminiscent of Mission: Impossible, circa 1996, has come to light last week. We have all held a belief (well, desperately clung to it actually) that it would take a hacker a certain amount of time to guess the password to our personal and office computers. Long enough that they would be caught red-handed, in fact. It gives one those “warm fuzzy” feelings inside, well things got cold and hard with a quickness last week. This is terrible news but don’t quit reading yet, an answer has already been rolled out to keep your PCs safe!
It seems now a hacker can get into your locked PC fast. How fast? Fast enough to make Ethan Hunt jealous. Like, SERIOUSLY jealous. What’s worse? You don’t need to be an agent and steal the technology from the government while running the risk of being disavowed. It is available to the public. Scary right?
Over at R5 Industries a principle engineer has found out that a USB device only needs a few seconds to copy and store PC passwords to both Windows and OSX machines. For the attack, he used a USB-stick sized computer called USB Armory that runs about $155, but the same attack can be done with cheaper devices, like the Hak5 LAN Turtle, at $50.
This can occur because today’s computers are designed to recognize newly installed USB devices, even when at a “locked” stage. The device masquerades as an USB to Ethernet adapter so that it becomes the primary network interface on the computer, and this bring about the 2nd reason it is possible to do this. Computers automatically configured to treat wired Ethernet cards as default gateways.
All this might sound a bit technical, but this is where the problem lies. Unbeknownst to developers and security professionals ease of use, easy setup and automatic driver installations have created a pretty sever loophole for those that are determined to access our PCs.
“First off, this is dead simple and shouldn’t work, but it does,” the researcher said in a blog post. “Also, there is no possible way that I’m the first one who has identified this, but here it is.”
Below is a short video showing you the device in action:
As to keeping people out of your PC, it won’t always be a loveable, misunderstood, seemingly rouge agent that is only trying to access computers for safety of the world… no, no, and to that end BioTect-ID™ is the answer.
In 2016 BSI launched a revolution with BioTect-ID™, an affordable biometric solution to one of the most difficult tasks companies and individuals face today: management of personal devices in the home or workplace (BYOD). BioTect-ID™ provides the solution. It is the next logical step in the evolution of gesture biometrics technology. If you need to secure electronic assets and the information therein, you must secure personal devices and computers. With sensitive data now being stored on mobile devices, these must be secured as well. BioTect-ID ™ will be available on platforms including Android, iOS, and Windows.
The simplicity of a finger or mouse drawn four-character password translates perfectly to mobile devices and full sized PCs alike. Only the authenticated user can reproduce this gesture biometric password, and it can't be lost, stolen or hacked. Because BioTect-ID™ is a replaceable biometric, there is no threat of loss of personal identifying information that is irreplaceable like an iris, face or fingerprint.
Extraordinary accuracy that is third party tested, high user approval and the affordable ability to transform any free standing or networked PCs with multi-factor protection make BioTect-ID™ the ideal solution for any environment.
BioTect-ID™, at its core, uses our twice patented BioSig-ID™ technology. Based on third-party testing performed by the Tolly Group and user surveys, our software has the following proven results:
• 99.97% Protection against imposters
• 100% of users surveyed were able to enroll
• 98% of users found it easy to use
• In 10,000 test attempts, no user was able to bypass the security even though they were given the password
• 96% of users believed it impossible to break into another's password
We are about to launch BioTect-ID™ for Windows with OSX soon to follow. Good news, by beta testing it out you can earn free licenses for a year or two, and even some lifetime licenses will be given away as well!
Send an email to firstname.lastname@example.org to be part of our beta programs.
While most of us would not mind Tom Cruise in our house, at our PCs, let's keep the ability for him to go all "Mission Impossible" on our computers more science-fiction and less science-reality.
Interested in learning more? Click here to schedule a demonstration!