five minutes to admin status

You’d think that a work or home computer would be reasonably secure since companies like Microsoft have 70,000 employees and perhaps some of them are dedicated to the task of keeping you safe.

Would it surprise you to know that it takes me on average about five minutes to hack into a Windows (NT/XP/7/8/10) computer?

No, really. In about two minutes and with physical access to the computer in question, I can insert a USB drive, boot it into another operating system and make a couple of adjustments. Rebooting then without the USB drive (perhaps another three minutes), the system is hacked and I have admin access.

If you wanted to protect your computer from this kind of hacking attempt, you’d need to physically lock it up when you’re not there.

BadUSB

Not that I use this technique, but there’s even a hack now in which something innocent-looking like a keyboard or USB thumb drive or a camera could go rogue. We’re used to devices like this to be well-behaved. If it’s a keyboard, it behaves like a keyboard. But just because they usually behave, that doesn’t mean that someone couldn’t program it otherwise.

In this case, hackers pushed code to the small firmware area of a USB drive so that it initially behaved like a USB drive… only later to change its mind and report to the operating system that it now wanted to be a keyboard. I don’t think anybody saw that coming.

So… re-formatting the USB drive would make the problem go away, right? No. In this case, the actual code is on a different chip in the device so you—the consumer—have no way to get to that chip.

But it gets worse. The device could pretend to be an Ethernet card or almost anything else. It could log your keystrokes, alter files, send emails using your email program, install software, it could transmit your keystrokes via radio waves so that someone remotely could pick them up.

If you wanted to protect your computer from this kind of hacking attempt, you’d be super vigilant about which devices you plug into your computer.

Broadpwn

As if that weren’t enough, someone hacked what is quite possibly the most used wi-fi chipset in all mobile devices, the Broadcom chip. At least six billion smartphones are affected by this exploit which was described this summer.  If an Internet worm is created which uses this exploit, it could jump from one device to the next and right past login prompts, anti-virus software and firewalls without stopping.

If you wanted to protect your computer from this kind of hacking attempt, you’d need to immediately upgrade your smartphones and other portable devices which include wi-fi.

Conclusion

At the moment, there doesn’t appear to be an unhackable operating system. I can’t imagine being someone in the military or the government or in charge of a bank right now because it’s just an ugly time for security. You seemingly can’t trust even a computer mouse in a world like this.

I suppose it’s best then to suggest that you backup your important data frequently enough so that you don’t lose everything at some future date.