Security researcher Rob Fuller has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested).
Fuller's attack is effective against locked computers on which the user has already logged in.
The researcher used USB-based Ethernet adapters, for which he modified the firmware code to run special software that sets the plug-and-play USB device as the network gateway, DNS, and WPAD servers on the computer it's connected to.
The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device.
"Why does this work? Because USB is Plug-and-Play. This means that even if a system is locked out, the device still gets installed," Fuller explained.
"Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list."