How to hack any Linux machine just using backspace

23 Dec 2015 | Author: | No comments yet »

Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times.

Though most of you likely don’t run Linux—specifically, one using the Grub2 bootloader—you’ll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system.

A recent report by security researchers in the polytechnic university of Valencia, Spain stated that anybody can gain access to a Linux system by pressing backspace 28 times continuously. The exploit is being quickly patched by various major Linux distros, including Ubuntu, Red Hat, and Debian, and it also requires physical access to an unpatched machine to work, so it’s not the worst potential vulnerability, just one of the sillier ones. Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS—like a live Linux installation stored on a USB drive or CD/DVD—and access files on a computer’s hard drive.

Of course, it’s also possible for an attacker to remove the drive and place it in another machine that doesn’t have these restrictions, but there can be other physical access controls in place to prevent that. Said person could then load a customized kernel and do all sorts of things to the host computer—including copying the contents of its hard drive or installing some other, harder-to-find exploit (like a rootkit) that could cause all sorts of issues for a compromised system (or, worse, other networked systems). “The attacker is able to destroy any data including the grub itself. He can go into the settings of your computer and tamper with it’s security protocols further leading to chances of internet hacks and cyber attacks.

If your Linux distro of choice doesn’t happen to have a patch ready just yet, you can grab the emergency patch that Marco and Ripoll have created to fix the isssue—all stemming from a simple integer underflow fault that was introduced to Grub2 in December 2009. “It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue,” said Dan Guido, Trail of Bits founder, in an interview with Motherboard. The attacker can then return Grub to its normal operation mode and have full access to edit the boot entries because the authentication check is no longer performed. According to the researchers, successful exploitation of this vulnerability results in a GRUB rescue shell, which allows the attacker to authenticate on the system without knowing the username and the password.

Customized kernels and initramfs can be loaded without your knowledge and dangerous rootkits and Trojans can be installed further causing your system to crash. At this point multiple attack scenarios are possible, including destroying all data on the disk, but for their proof-of-concept exploit the researchers chose one that’s likely to be preferred by advanced attackers: installing malware that would steal legitimate users’ encrypted home folder data after they log in and unlock it.

Researchers have described a scenario in which an advanced persistent threat (APT) actor or malicious insiders exploit the vulnerability to plant a piece of malware that can be used to spy on the victim or steal sensitive information even if it is in encrypted format. Essentially, when a hacker hits the backspace button 28 times, they cause an error in the systems’ memory that launches the rescue function that allows for the overiding of the normal authentication system. In October, Jim Zemlin, executive director of the Linux Foundation, warned of the security challenges that threaten the golden age of open source computing.

Here you can write a commentary on the recording "How to hack any Linux machine just using backspace".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site