Exploit Lets You Sneak Into Linux Systems After Hitting Backspace 28 Times

23 Dec 2015

Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times.

Though most of you likely don’t run Linux—specifically, one using the Grub2 bootloader—you’ll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader. Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system.

The exploit is being quickly patched by various major Linux distros, including Ubuntu, Red Hat, and Debian, and it also requires physical access to an unpatched machine to work, so it’s not the worst potential vulnerability, just one of the sillier ones. “To quickly check if your system is vulnerable, when the Grub asks you the username, press the Backspace 28 times.” The computer security researchers discovered the vulnerability, which allows unauthorized users to bypass the authentication of locked-down Linux boxes in the bootloader GRUB2, which is used by, according to the researchers, “most Linux systems” to load the operating system. After you’ve tapped backspace for the 28th time (on an affected system), you’ll gain access to the rescue shell—giving you a lot more power over the system than you previously had. Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS—like a live Linux installation stored on a USB drive or CD/DVD—and access files on a computer’s hard drive. “The successful exploitation of the vulnerability has been possible because we made a very deep analysis of all components involved in this bug,” wrote the Cyber Security Group in the announcement of the bug.

While not all *nix based operating systems use the vulnerable loader, GRand Unified Bootloader (GRUB), it does come pre-installed with some operating systems, such as Red Hat Linux. Of course, it’s also possible for an attacker to remove the drive and place it in another machine that doesn’t have these restrictions, but there can be other physical access controls in place to prevent that. So basically, with this bug, even a 10-year-old can hack into your Linux system. “The vulnerability, known as CVE-2015-8370, is present in all versions of Grub2 from 1.98, which was released in December 2009, to the current 2.02 version.” How does this work, you might ask? Said person could then load a customized kernel and do all sorts of things to the host computer—including copying the contents of its hard drive or installing some other, harder-to-find exploit (like a rootkit) that could cause all sorts of issues for a compromised system (or, worse, other networked systems). “The attacker is able to destroy any data including the grub itself.”

Coded in assembly and C, the bootloader is obviously capable of loading Linux, but it’s also able to load Solaris (x86 port), Apple’s OS X, BSD and even Windows — the latter through chainloading. Depending on certain conditions, this can cause the machine to reboot or can put Grub in rescue mode, providing unauthenticated access to a powerful shell. If your Linux distro of choice doesn’t happen to have a patch ready just yet, you can grab the emergency patch that Marco and Ripoll have created to fix the issue—all stemming from a simple integer underflow fault that was introduced to Grub2 back in December of 2009. “It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue,” said Dan Guido, Trail of Bits founder, in an interview with Motherboard. The attacker can then return Grub to its normal operation mode and have full access to edit the boot entries because the authentication check is no longer performed.
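The integer underflow mentioned above, as an added C model (not Grub2's source and not the researchers' patch): a prompt loop whose unsigned length counter is decremented on backspace, with and without an emptiness check. The names `read_name`, `guard`, `BUF_SIZE` and the key strings are assumptions made for this illustration, and out-of-range accesses are counted rather than performed.

```c
#include <stdio.h>

#define BUF_SIZE 64u                  /* assumed buffer size for this model */
#define BS7 "\b\b\b\b\b\b\b"          /* seven backspace keys */

static char buf[BUF_SIZE];            /* stands in for the name buffer */

struct result {
    unsigned cur_len;                 /* length counter after the last key */
    unsigned oob;                     /* indexes computed outside buf[] */
};

/* Simplified prompt loop. guard=0 decrements on every backspace,
 * guard=1 ignores backspace when nothing has been typed yet.
 * Out-of-range accesses are counted, never performed. */
static struct result read_name(const char *keys, int guard)
{
    struct result r = {0, 0};

    for (const char *k = keys; *k != '\0' && *k != '\n'; k++) {
        if (*k == '\b') {
            if (guard && r.cur_len == 0)
                continue;             /* nothing to erase */
            r.cur_len--;              /* at 0 this wraps to UINT_MAX */
            if (r.cur_len >= BUF_SIZE)
                r.oob++;
            continue;
        }
        /* Upper-bound check: it also passes right after a wrap,
         * because UINT_MAX + 2 overflows back to 1. */
        if (r.cur_len + 2 < BUF_SIZE) {
            if (r.cur_len < BUF_SIZE)
                buf[r.cur_len] = *k;
            else
                r.oob++;              /* write would land outside buf[] */
            r.cur_len++;
        }
    }
    return r;
}

int main(void)
{
    const char *inputs[] = { "\broot\n", BS7 BS7 BS7 BS7 "\n" };  /* constructed */
    for (int i = 0; i < 2; i++)
        for (int guard = 0; guard < 2; guard++) {
            struct result r = read_name(inputs[i], guard);
            printf("input %d guard=%d cur_len=%u oob=%u\n", i, guard, r.cur_len, r.oob);
        }
    return 0;
}
```

With a single leading backspace the unguarded counter ends at a plausible value even though one index fell outside the buffer, which is why the emptiness check is needed in addition to the upper-bound check.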

At this point multiple attack scenarios are possible, including destroying all data on the disk, but for their proof-of-concept exploit the researchers chose one that’s likely to be preferred by advanced attackers: installing malware that would steal legitimate users’ encrypted home folder data after they log in and unlock it. Computer security nowadays is stronger than ever before, and most commonly used products and services are reasonably well protected against attackers trying to steal information and cause losses to the people using those services. Marco told Motherboard that from researching Grub2’s code, they “concluded the number of backspace hits was the only input controllable by the user to cause different manifestations of the error”.

And while the hack is quite a disconcerting new development, it is worth mentioning that hackers would still need to be actually in front of your computer, and that Red Hat, Debian, and Ubuntu have all rolled out patches to take care of the exploit. Linux is thought to be a highly secure operating system, and this is not to say it is insecure; however, this is just another blunt reminder that no matter how secure a system may seem, it could be susceptible to minute yet critical flaws.
