 |
| Image courtesy of Stuart Miles at FreeDigitalPhotos.net |
In the world of Information Technology security, a vulnerability is synonymous to the word weakness. The vulnerability I am referring to is called the Sticky Keys. If you press your shift key five (5) times, the Sticky Keys menu will pop up. Go ahead and try it!
This weakness can be exploited by a user, potentially malicious, in such a way that it could allow the user to reduce the overall security of the system and bypass your hardened password, no matter how strong it is!
Based on information provided by (Wikipedia Vulnerability Computing, n/d.), a potential vulnerability generally has these three elements:
1.) An existing flaw within the system.
2.) Access to the system by the malicious user.
3.) Knowledge and capability to exploit the flaw.
With that being said, let's further define the vulnerability elements and compare to see if it applies to Microsoft's Windows operating systems being used on a laptop. Here is the scenario; you left your Windows 8 laptop on the restaurant table while you utilized the facilities (Bio Break!). When you returned to your table, and to your surprise (Really???), the laptop was gone. The individual who took your laptop arrived at their home and uses a Windows 8 DVD to change your local administrator password to access all of your files. How did this user do that? Continue reading to learn the answer.
If the malicious user were to take an existing Windows 8 DVD and place it into the DVD-ROM drive, then turn the laptop on and boot directly off of this DVD, they would be provided with the opportunity to install Windows 8. However, with your particular laptop, Windows 8 is already installed. Therefore, instead of pressing the "Next" button, the malicious user simply holds the shift key down and presses F10. By doing this, he/she receives a Command Prompt. Once they have the Command Prompt visible, they utilize the "CD" command (change directory) to get to the local Windows\System32 directory.
Now that they are at the local Windows\System32 directory, the malicious user would type the following command; "copy cmd.exe sethc.exe." This command will copy the Command Prompt executable file over top of the Sticky Keys executable file. The malicious user has now replaced the Sticky Keys menu program with the Command Prompt program. Once the user reboots the laptop normally, the logon screen will appear. From here, he or she will press the shift key five (5) times, but instead of the Sticky Key menu, they will see the Command Prompt. Even more, the Command Prompt has administrative priviledges, which aligns with the first vulnerability element, "a flaw within the system."
Since administrative privildeges exist, the next commands entered would allow the malicious user to view the name of your local accounts, as well as change the password for access. To view the local user accounts, they would type: "net user" and discover the user ID was, for example, PilotTroy. From here, they would type: "net user pilottroy P@ssw0rd1" to change the password for that local account. Once this has been completed, they could simply type "exit" and log directly onto your computer to view all of your data, using your own personal account. Thankfully, there are ways to disable the Sticky Keys function, but that is for a different blog.
If you are interested in watching the video I created to see this in motion, **click here**
Thank you for reading! Until next time, remember that you don't have to become a victim of a threat to become aware of a threat!
References:
Wikipedia Vulnerability Computing(n.d.). Retrieved January 13, 2016, from https://en.wikipedia.org/wiki/Vulnerability_(computing)
No comments:
Post a Comment