Hacking a Linux system is so easy, a kid could do it

23 Dec 2015

Bypass Linux Passwords by Pressing Backspace 28 Times.

Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system. If you still use one of these Linux distributions, you may want to make sure that you aren’t keeping sensitive information saved anywhere on your computer – it may be at risk of being hacked by even the most novice cyber criminals. Assuming the system is in fact susceptible to the bug, anyone with the right know-how could access the system’s “Grub rescue shell”, which, with just a few keystrokes, can give them unhindered access to any and all data found on the PC.

Grub2’s password protection is particularly important within organizations, where it is also common to disable CD-ROM, USB and network boot options and to set a password for the BIOS/UEFI firmware in order to secure computers from attackers who might gain physical access to the machines.

Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS—like a live Linux installation stored on a USB drive or CD/DVD—and access files on a computer’s hard drive. The malicious person only needs to boot the computer from a different operating system to gain the Grub rescue shell, the researchers noted in a blog post. From that point, it initiates the “Grub rescue shell,” allowing the user to access the system without ever having to type in the password that was originally set. Of course, it’s also possible for an attacker to remove the drive and place it in another machine that doesn’t have these restrictions, but there can be other physical access controls in place to prevent that. But it is nevertheless worrying that such a basic vulnerability could have existed for so long in the boot loader. “The bug can be easily fixed just by preventing that cur_len overflows”, said the researchers.
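The `cur_len` remark quoted above describes a length counter that is decremented on backspace with no lower bound. The following C model is an added example, not GRUB's source or the researchers' code: `read_field`, `FIELD_SIZE` and `struct field_result` are hypothetical names, the input is constructed, and the model records an out-of-range index instead of writing through it.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16u         /* constructed size, not taken from GRUB */

struct field_result {
    unsigned cur_len;          /* final value of the length counter */
    int oob_write;             /* 1 if cur_len ended up outside buf */
    char buf[FIELD_SIZE];
};

/* Hypothetical model of a prompt's key loop. guard_backspace = 0 is the
 * "before" behaviour (decrement with no lower bound), 1 is the fix. */
static struct field_result read_field(const char *keys, size_t nkeys,
                                      int guard_backspace)
{
    struct field_result r;
    memset(&r, 0, sizeof r);

    for (size_t i = 0; i < nkeys && keys[i] != '\n'; i++) {
        if (keys[i] == '\b') {
            if (guard_backspace && r.cur_len == 0)
                continue;      /* nothing to erase: ignore the key */
            r.cur_len--;       /* unsigned: 0 - 1 wraps to UINT_MAX */
            continue;
        }
        if (r.cur_len < FIELD_SIZE - 1)   /* leave room for the NUL */
            r.buf[r.cur_len++] = keys[i];
    }

    /* Code after the loop uses cur_len as an index into buf. The model
     * records an out-of-range index instead of writing through it. */
    if (r.cur_len < FIELD_SIZE)
        r.buf[r.cur_len] = '\0';
    else
        r.oob_write = 1;
    return r;
}

int main(void)
{
    char keys[28];             /* constructed input: 28 backspaces */
    memset(keys, '\b', sizeof keys);
    for (int guard = 0; guard <= 1; guard++) {
        struct field_result r = read_field(keys, sizeof keys, guard);
        printf("guard=%d cur_len=%u out_of_range=%d\n", guard, r.cur_len, r.oob_write);
    }
    return 0;
}
```

With the guard in place the counter stays at zero however many times backspace is pressed, which is the behaviour to confirm after applying a distribution's patched Grub2 package.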

What’s more, as Motherboard notes, several distributions including Debian, Red Hat and Ubuntu have all released emergency patches as well. “The main vendors are already aware of this vulnerability”. Depending on certain conditions, the bug can cause the machine to reboot or can put Grub in rescue mode, providing unauthenticated access to a powerful shell. The vulnerability could lead to a high number of security issues, including the complete destruction of all the data on a given hard drive, or installing malware that would scrape the legitimate home folder data of users once they access it.

The attacker can then return Grub to its normal operation mode and have full access to edit the boot entries because the authentication check is no longer performed. The vulnerability, known as CVE-2015-8370, is present in all versions of Grub2 from 1.98, which was released in December 2009, to the current 2.02 version. The Spanish cybersecurity crew also discovered that this extremely easy-to-perform backspace hack results in a memory error, which activates the rescue shell. Anything can be done to the computer once the hacker bypasses the password, so the developers strongly advise Linux users to install all updates made available to them, as fixes for the issue have already been developed.

A detailed write-up about the vulnerability from Hector Marco and Ismael Ripoll from the Cybersecurity Group at the University of Valencia can be found here.
