iTWire recommends all Linux users attempt the 28 backspace login to determine whether they’re vulnerable.
Advertisement
Hitting a key over and over again actually works for once.
Motherboard reports that the bug resides in Grub2, a bootloader utilized to start most Linux systems.
The security team revealed that when a user presses the backspace key 28 times, a memory error is triggered, which in turn initiates the rescue shell.
The source of the bug is an integer underflow fault that the researchers pin onto a single commit in 2009 – b391bdb2f2c5ccf29da66cecdbfb7566656a704d in case it was you – that affects the grub_password_get() function. Now, the attacker gets all the freedom to load a customized Linux kernel, copy the full disk or install a rootkit remotely.
The researchers Hector Marco and Ismael Ripoll noted that once the rescue shell is loaded, an intruder may steal any data or even delete the entire filesystem. If you’re a Linux user and anxious your system may be at risk you can apply the emergency patch from the researchers official website. Essentially, hitting backspace 28 times when the machine asks for your username accesses the “Grub rescue shell”, and once there, you can access the computer’s data or install malware. Alongside this fix, major Linux distributions such as Ubuntu, Red Hat and Debian have all released fixes too. It’s definitely recommended that you patch any of your systems.
Advertisement
Linux is tough to be a highly-secure operating system, not to say it is insecure, however, this is just another blunt reminder that no matter how secure a system may seem, they could be susceptible to minute yet critical flaws.
