Log into most any Linux system by hitting backspace 28 times

23 Dec 2015

Embarrassing Linux Vulnerability Lets You Log In to Any Computer by Pressing Backspace 28 Times.

Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system. Linux, the purportedly highly secure operating system that runs everything from computers to the backbone of the Internet, has been plagued by an odd and quite simply embarrassing vulnerability.

A worryingly simple security flaw has been discovered in several Linux distributions by the Cybersecurity Group at the Polytechnic University of Valencia. The source of the bug is an integer underflow fault that the researchers pin onto a single commit in 2009 – b391bdb2f2c5ccf29da66cecdbfb7566656a704d in case it was you – that affects the grub_password_get() function.

At the login screen, an attacker simply needs to press backspace 28 times in order to crash the Grub2 bootloader and bypass the authentication process. Well before security researchers publicized the flaw on the web, they had rushed out their own emergency patch and notified the affected Linux versions—Ubuntu, Red Hat, and Debian—which all quickly released patches fixing the Grub2 bug. The most important thing for all Linux users to do is to perform a software update to their system, which, for most Linux distributions, is set to happen automatically in the background.
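A simplified model of the integer underflow described above, as an added example rather than GRUB's actual source: `feed_keys`, `pw_state` and the 16-byte buffer are assumptions made for illustration. It records when the index leaves the buffer instead of writing to memory, and shows the bounds check on backspace that stops the wrap.

```c
#include <stdio.h>
#include <string.h>

#define PW_MAX 16                 /* constructed buffer size for this demo */

struct pw_state {
    char     buf[PW_MAX];
    unsigned cur_len;             /* next write index, unsigned like a length */
    int      oob;                 /* set when an index outside buf[] is reached */
};

/* Feed a key sequence to a password-entry loop (hypothetical helper).
 * guard = 0: backspace always decrements (the flawed pattern).
 * guard = 1: backspace is ignored when the buffer is already empty. */
static struct pw_state feed_keys(const char *keys, size_t n, int guard)
{
    struct pw_state s;
    memset(&s, 0, sizeof s);

    for (size_t i = 0; i < n; i++) {
        char key = keys[i];
        if (key == '\n' || key == '\r')
            break;                              /* end of input */
        if (key == '\b') {
            if (guard && s.cur_len == 0)
                continue;                       /* nothing to erase */
            s.cur_len--;                        /* 0 - 1 wraps to UINT_MAX */
        } else if (s.cur_len < PW_MAX - 1) {
            s.buf[s.cur_len++] = key;           /* in-bounds store */
            continue;
        }
        if (s.cur_len >= PW_MAX)                /* record it, do not touch memory */
            s.oob = 1;
    }
    if (!s.oob)
        s.buf[s.cur_len] = '\0';
    return s;
}

int main(void)
{
    char keys[28];
    memset(keys, '\b', sizeof keys);            /* constructed input: 28 backspaces */
    struct pw_state bad  = feed_keys(keys, sizeof keys, 0);
    struct pw_state good = feed_keys(keys, sizeof keys, 1);
    printf("unguarded: cur_len=%u oob=%d\n", bad.cur_len, bad.oob);
    printf("guarded:   cur_len=%u oob=%d\n", good.cur_len, good.oob);
    return 0;
}
```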

Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS—like a live Linux installation stored on a USB drive or CD/DVD—and access files on a computer’s hard drive. As of December 17, I was unable to replicate the backspace bug in a fresh install of Linux Mint-17.1 (64-bit), which is based on Ubuntu 14.04 (which uses a vulnerable version of Grub2). The issue lies neither in the kernel nor in the operating system itself but instead stems from a vulnerability within Grub2, or Grand Unified Bootloader, which boots up on Linux systems when they are powered on. Of course, it’s also possible for an attacker to remove the drive and place it in another machine that doesn’t have these restrictions, but there can be other physical access controls in place to prevent that. Depending on certain conditions, this can cause the machine to reboot or can put Grub in rescue mode, providing unauthenticated access to a powerful shell.

The attacker can then return Grub to its normal operation mode and have full access to edit the boot entries because the authentication check is no longer performed. The Grub2 flaw is another blow to the reputation of Linux as one of the most secure of operating systems—made all the more embarrassing because of the way that Linux users (myself included) have railed against the insecurity of Windows—in stark contrast to the rock-solid Linux!

At this point multiple attack scenarios are possible, including destroying all data on the disk, but for their proof-of-concept exploit the researchers chose one that’s likely to be preferred by advanced attackers: installing malware that would steal legitimate users’ encrypted home folder data after they log in and unlock it. From that point forward, an attacker could potentially gain access to all the information stored on your hard drive, and even install malware or rootkits, the two researchers, Ismael Ripoll and Hector Marco, said in their research published Tuesday.

The critical yet rather lame Grub flaw affects Linux systems dating as far back as 2009 all the way up until 2015, and will likely affect outdated distros coming into 2016. Then they used it to replace a Mozilla Firefox library with a malicious one designed to open a reverse shell to a remote server whenever the browser is started by the user. “When any user executes Firefox, a reverse shell will be invoked,” the researchers said in a detailed write-up of their exploit, which they presented last week at the STIC CCN-CERT Conference in Madrid. “At this time all data of the user is deciphered, allowing us to steal any kind of information of the user.” The vulnerability, which is tracked as CVE-2015-8370, affects all versions of Grub2 from 1.98, released in December 2009, to the current 2.02. On the other hand, it has been long understood that random keyboard activity could play havoc with Windows and Mac computers and there are several keyboard lockout applications available for both of those platforms.

By far the most sophisticated type of application designed to protect a computer from cat-astrophes is the 15-year-old Windows-only PawSense payware that developed in parallel with Windows XP. If you are using a vulnerable operating system, it’s highly advised you install the emergency patches and double check to ensure your system is not vulnerable.
