Bypassing the Windows Lock Screen

Most of us know that we should lock our computers when we step away from them. This will prevent any unauthorized users from gaining access to our files. Most companies have some sort of policy in regards to this, and many even automatically lock the screen after a set amount of time with no activity. In some cases, the computers are configured to lock and display a screen saver. In these cases, it may be possible for a local attacker to bypass the lock screen.

[Adrian] explains that the screen saver is configured via a registry key. The key contains the path to a .scr file, which will be played by the Adobe Flash Player when the screen saver is activated. When the victim locks their screen and steps away from the computer, an attacker can swoop in and defeat the lock screen with a few mouse clicks.

First the attacker will right-click anywhere on the screen. This opens a small menu. The attacker can then choose the “Global settings” menu option. From there, the attacker will click on “Advanced – Trusted Location Settings – Add – Add File”. This opens up the standard windows “Open” dialog that allows you to choose a file. All that is required at this point is to right-click on any folder and choose “Open in a new window”. This causes the folder to be opened in a normal Windows Explorer window, and from there it’s game over. This window can be used to open files and execute programs, all while the screen is still locked.

[Adrian] explains that the only remediation method he knows of is to modify the code in the .swf file to disable the right-click menu. The only other option is to completely disable the flash screen saver. This may be the safest option since the screen saver is most likely unnecessary.

Update: Thanks [Ryan] for pointing out some mistakes in our post. This exploit specifically targets screensavers that are flash-based, compiled into a .exe file, and then renamed with the .scr extension. The OP mentions these are most often used in corporate environments. The exploit doesn’t exist in the stock screensaver.

Adding right click to a Macbook Pro


Surprisingly, one of the most common complaints we hear from people trying out macs are the fact that there isn’t a right click. The latest version, the unibody, has an option that remedies this, but older versions are stuck without. While you could always plug a USB mouse in, that is hardly a hacker’s solution. [spiritplumber] sent us this mod he did, adding right click functionality to his Macbook Pro. It is worth noting that this is meant for the 2006 to 2008 version of the Macbook Pro. You’re on your own for different ones.

[spiritplumber] points out that there are test points on the back of the track pad that emulate certain events.  One of wich, just happens to be a right click. He shows us how to wire this, to a home made contact button under the right corner of the track pad. This can be potentially hazardous to your macbook, so be careful and follow his tips for soldering. If you want, you can do the same to the opposite side for your left click, or just leave it the way it is. You can see a video of it in action after the break.

Continue reading “Adding right click to a Macbook Pro”