Modified USB Ethernet Adapter Can Steal Windows and Mac Credentials

An anonymous reader writes from a report via Softpedia: An attacker can use a modified USB Ethernet adapter to fool Windows and Mac computers into giving away their login credentials. The attack relies on using a modified USB Ethernet adapter that runs special software, which tricks the attacked computer into accepting the Ethernet adapter as the network gateway, DNS, and WPAD server. The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device. Even worse, when installing the new (rogue) USB Ethernet adapter, the computer will give out the local credentials needed to install the device. The custom software installed on the USB intercepts these credentials and logs them to an SQLite database. This attack can take around 13 seconds to carry out, and the USB Ethernet adapter can be equipped with an LED that tells the attacker when the login credentials have been stolen.

Bullshit - Neither OS X or Windows work that way

[BitZtream]

So the video shows a windows ten login screen and a blinky usb device ... but nothing special about that

The linked article makes a bunch of claims, but doesn't substantiate any of it.

Windows doesn't provide the USB dongle with a password at any point, as implied by the article. It 'auto-installs' signed drivers already on the PC or if configured, downloads them from the internet ... SIGNED DRIVERS ... SIGNED BY MICROSOFT. Not just any random driver on the USB device.

Windows does not do 'auto-run'

OS X doesn't do anything implied in this article either. If it doesn't have a driver for your USB device already, it just doesn't work, with the exception of printers there isn't a magic way that it reads drivers from the USB device or random internet sites.

This story is simply bullshit.