Insane bug makes it incredibly easy to hack many Linux systems

23 Dec 2015

Even a child could hack into a Linux computer: report.

Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system. Computer security researchers discovered the vulnerability, which allows unauthorized users to bypass the authentication of locked-down Linux boxes in the bootloader GRUB2, which is used by, according to the researchers, “most Linux system” to load the operating system. The team stumbled across this strange backdoor measure while testing the security of the Grub2 bootloader, which is found in a large majority of Linux-based operating systems.

This protection is particularly important within organizations, where it is also common to disable CD-ROM, USB and network boot options and to set a password for the BIOS/UEFI firmware in order to secure computers from attackers who might gain physical access to the machines. While presumably intended to be used by the owner of the system for things like maintenance and diagnostics information — officially, hitting backspace 28 times takes the user to a “rescue shell,” which grants this information under the pretense that there is something in the system that needs rescuing — it comes across as a disturbing security error.

Researchers at the Polytechnic University of Valencia (UPV), Spain, say this hack imitates the GRUB rescue shell, giving the hacker full system access, no password required. Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS (like a live Linux installation stored on a USB drive or CD/DVD) and access files on a computer’s hard drive. Of course, it’s also possible for an attacker to remove the drive and place it in another machine that doesn’t have these restrictions, but there can be other physical access controls in place to prevent that. So basically, with this bug, even a 10-year-old can hack into your Linux system. “The vulnerability, known as CVE-2015-8370, is present in all versions of Grub2 from 1.98, which was released in December 2009, to the current 2.02 version.” How does this work, you might ask?

Coded in assembly and C, the bootloader is obviously capable of loading Linux, but it’s also able to load Solaris (x86 port), Apple’s OS X, BSD and even Windows, the latter through chainloading. Depending on certain conditions, triggering the bug can cause the machine to reboot or can put Grub in rescue mode, providing unauthenticated access to a powerful shell.

The attacker can then return Grub to its normal operation mode and have full access to edit the boot entries because the authentication check is no longer performed. At this point multiple attack scenarios are possible, including destroying all data on the disk, but for their proof-of-concept exploit the researchers chose one that’s likely to be preferred by advanced attackers: installing malware that would steal legitimate users’ encrypted home folder data after they log in and unlock it. The good news is that several Linux distros have already issued a bug fix, but Linux comes in hundreds of flavors, and hopefully those get patched quickly as well.
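For triage, the sketch below flags machines that rely on a GRUB2 password and report a version inside the 1.98 to 2.02 range quoted above; it is an added example, not code from the researchers or the GRUB project. The function names, status labels and sample inputs are assumptions made for illustration, and because distributions backport fixes, a version inside the range means "check the vendor's CVE-2015-8370 advisory", not "confirmed vulnerable".

```python
import re

# Affected range as quoted in the article: 1.98 through 2.02.
AFFECTED_MIN, AFFECTED_MAX = (1, 98), (2, 2)

def parse_grub_version(text):
    """Pull (major, minor) out of e.g. `grub-install --version` output."""
    m = re.search(r"\b(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def password_protection(cfg_text):
    """Return (superusers, users that have a password) from grub.cfg text."""
    superusers, with_pw = set(), set()
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = re.match(r'(?:set\s+)?superusers\s*=\s*"?([^"]*)"?', line)
        if m:  # GRUB accepts space, comma, semicolon, pipe or ampersand separators
            superusers = set(re.split(r"[\s,;&|]+", m.group(1).strip())) - {""}
        m = re.match(r"password(?:_pbkdf2)?\s+(\S+)\s+\S+", line)
        if m:
            with_pw.add(m.group(1))
    return superusers, with_pw

def assess(version_text, cfg_text):
    """Classify one host; the status strings are this example's own labels."""
    superusers, with_pw = password_protection(cfg_text)
    if not (superusers & with_pw):
        return "no-grub-password"      # boot entries are editable by anyone anyway
    version = parse_grub_version(version_text)
    if version is None:
        return "unknown-version"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "check-vendor-fix"      # in range; confirm the distro's patch level
    return "outside-reported-range"

# Constructed sample inputs (not taken from a real system).
SAMPLE_VERSION = "grub-install (GRUB) 2.02~beta2"
SAMPLE_CFG = '''
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.CONSTRUCTED-PLACEHOLDER
menuentry "Linux" { linux /vmlinuz root=/dev/sda1 ro }
'''

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CFG))
```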
