Linux vulnerability is so easy to pull off even a kid can do it

23 Dec 2015

Bypass Linux Passwords by Pressing Backspace 28 Times.

Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system.

Researchers at the Polytechnic University of Valencia have figured out that many versions of Linux have a security flaw that allows users to bypass system security by pressing Backspace 28 times. The source of the bug is an integer underflow fault that the researchers pin on a single commit in 2009 – b391bdb2f2c5ccf29da66cecdbfb7566656a704d in case it was you – that affects the grub_password_get() function.
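The integer underflow class described above, as an added example in C that is not GRUB's code or the researchers': a simplified model of a prompt's key loop in which Backspace decrements an unsigned length, shown unchecked and with a bounds check. `model_read`, `BUF_SIZE` and the key sequences are constructed for illustration; the model only tracks the index and never writes outside its buffer.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 1024  /* constructed size, not taken from GRUB */

/* Simplified model of a password prompt's key loop (hypothetical helper,
 * not GRUB's own code). Returns the final cursor index; 'checked' selects
 * the hardened variant. *oob is set if the index ever leaves the buffer. */
static unsigned model_read(const char *keys, size_t nkeys, int checked,
                           int *oob)
{
    char buf[BUF_SIZE] = {0};
    unsigned cur_len = 0;

    *oob = 0;
    for (size_t i = 0; i < nkeys; i++) {
        char key = keys[i];
        if (key == '\b') {
            if (checked && cur_len == 0)
                continue;        /* hardened: nothing left to erase */
            cur_len--;           /* unchecked: 0 - 1 wraps to UINT_MAX */
            if (cur_len >= BUF_SIZE)
                *oob = 1;        /* index now points outside buf */
            continue;
        }
        if (cur_len < BUF_SIZE - 1)  /* store only inside the buffer */
            buf[cur_len++] = key;
    }
    (void)buf;
    return cur_len;
}

int main(void)
{
    char keys[28];
    int oob;

    for (size_t i = 0; i < sizeof keys; i++)
        keys[i] = '\b';          /* constructed input: 28 backspaces */

    unsigned v = model_read(keys, sizeof keys, 0, &oob);
    printf("unchecked: cur_len=%u out_of_bounds=%d\n", v, oob);
    unsigned h = model_read(keys, sizeof keys, 1, &oob);
    printf("checked:   cur_len=%u out_of_bounds=%d\n", h, oob);
    return 0;
}
```

The same check applies to any prompt that edits a fixed buffer with an unsigned cursor: refuse to decrement at zero instead of relying on later bounds tests.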

The only method a user could manipulate with common inputs was the Backspace key, which causes the system to revert to its “Grub rescue shell”. Grub's password protection is particularly important within organizations, where it is also common to disable CD-ROM, USB and network boot options and to set a password for the BIOS/UEFI firmware in order to secure computers from attackers who might gain physical access to the machines. Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS, like a live Linux installation stored on a USB drive or CD/DVD, and access files on a computer’s hard drive. Of course, it’s also possible for an attacker to remove the drive and place it in another machine that doesn’t have these restrictions, but there can be other physical access controls in place to prevent that.

Depending on certain conditions, this can cause the machine to reboot or can put Grub in rescue mode, providing unauthenticated access to a powerful shell. Linux is thought to be a highly secure operating system, and this is not to say it is insecure; however, this is just another blunt reminder that no matter how secure a system may seem, it could be susceptible to minute yet critical flaws. The attacker can then return Grub to its normal operation mode and have full access to edit the boot entries because the authentication check is no longer performed. The Spanish cybersecurity crew also discovered that this extremely easy-to-perform backspace hack results in a memory error, which activates the rescue shell.

Anything can be done to the computer once the hacker bypasses the password, so the developers strongly advise Linux users to install all updates made available to them, as fixes for the issue have already been developed. At this point multiple attack scenarios are possible, including destroying all data on the disk, but for their proof-of-concept exploit the researchers chose one that’s likely to be preferred by advanced attackers: installing malware that would steal legitimate users’ encrypted home folder data after they log in and unlock it. And while the hack is quite a disconcerting new development, it is worth mentioning that hackers would still need to be actually in front of your computer, and that Red Hat, Debian, and Ubuntu have all rolled out patches to take care of the exploit.
