Hacking into most Linux systems is as simple as pressing the backspace key 28 times, a new cybersecurity report warns.
If you still use one of these Linux distributions, you may want to make sure that you aren’t keeping sensitive information saved anywhere on your computer – it may be at risk of being hacked by even the most novice cyber criminals. According to a report from PC World, security researchers have found a flaw so glaring that the only thing someone needs to do to log into a system is hit the backspace key 28 times.
Let us repeat that – instead of typing in a password, someone can gain access to a Linux system just by hitting the “delete” button. A team of researchers from the Cybersecurity Group at Polytechnic University of Valencia in Spain discovered that tapping the backspace key 28 times for builds that use the common Grub2 bootloader, which is nearly every one, instantly bypasses the computer’s lock screen.
From that point, it initiates the “Grub rescue shell,” allowing the user to access the system without ever having to type in the password that was originally set. GRUB stands for Grand Univied Bootloader, and allows for the setup of multiple operating systems on a single machine.
Without having this as well as the CD-ROM, USB and network boot options running, organizations may have a particularly hard time warding off an attack on their systems now that this simple hack has made headlines. All it takes is one rogue employee to boot an alternate operating system from a USB stick or a CD/DVD, and have free access to the machine’s hard drive.
The vulnerability could lead to a high number of security issues, including the complete destruction of al the data on a given hard drive, or installing malware that would scrape the legitimate home folder data of users once they access it.
The vulnerability, known as CVE-2015-8370, is present in all versions of Grub2 from 1.98, which was released in December 2009, to the current 2.02 version. To date, Ubuntu, Red Hat, Debian, and other distributions have released fixes to the bug. Linux users are urged to install any update they receive for grub2 as soon as they see it.
A detailed write-up about the vulnerability from Hector Marco and Ismael Ripoll from the Cybersecurity Group at the University of Valencia can be found here.