Admins MUST think like hackers - TechRepublic
October 8, 2004 at 07:58 AM
by win0 . Updated 21 years, 1 month ago

SECURITY WARNING:
Any network should be considered compromised that does not currently enforce two-factor authentication for access control and is without strong physical access control to workstations with PnP OSes! The technique does not require the use of keycatcher devices or keyloggers, nor the installation of ANY software on a target workstation.
I have not read of this in any of the books on hacking I’ve seen, nor have I seen this technique advertised in any courses on security / hacking, but I would be surprised if it’s NOT in use. Don’t forget to set up a demo. This might cost someone a few bucks at a swap meet, so the cost is irrelevant.
Here’s the recipe:
Start with two Wireless Keyboard Kits.
Disguise a wireless keyboard inside a normal keyboard that plugs in as normal, with a dummy cable for concealment purposes.
(Don’t need to do this for demo purposes)
Now connect the two wireless receivers to the disguised wireless keyboard (I used Belkin Wireless Keyboard kits).
You now have one keyboard that will be picked up by two separate receivers.
Plug the disguised keyboard into the target workstation along with one of the receivers which is hidden or disguised.
The attacker now plugs the remaining wireless receiver into his / her workstation, laptop etc. Note: Using a modified wireless keyboard receiver one can obtain a quite decent range!
Now only the ingenuity of the attacker will limit the damage that can be done.
For example, if the password-trapping machine is a Windows domain member then the “victim” will log on to his / her own workstation as well as the password-trapping machine while the attacker watches! If password catching is the aim of the attacker then he / she first opens Notepad or another text editor and waits!
The CTRL+ALT+DEL login sequence will pop up the logon / lock workstation dialogue on the attacking machine, which is quickly “escaped” by the attacker, who now watches the user, admin, anyone, type their plain text username and password into Notepad etc.
I decided to try a passcode re-use attack on one particular breed of authentication scheme. The authentication software effectively prevented this on some occasions but mostly just fell over. That issue is to be reported to the vendor.
A last word. If you are using two-factor authentication you MUST advise your users NOT TO RE-USE ANY PIN USED FOR BANKING OR OTHER SECURE TRANSACTIONS, since this technique will capture their PINs if they’re using PIN-based TF.
To bust two-factor authentication schemes is a little more tricky. I say a little because they can be compromised fairly easily.
Of course this all relies on that beautiful Plug & Play feature that we all love. This would not work so easily on older non-PnP OSes, for non-admin users that is. Windows NT more secure in this case? That’s a frightening thought!
In summary: The skill level required to do this is almost zero. If someone can plug in a USB cable, disguise a keyboard and be patient they can do this.
