Hacking a locked-down Linux PC is apparently as easy as pressing backspace 28 times

Shawn Knight


A pair of security researchers from the Cybersecurity Group at the Polytechnic University of Valencia in Spain have discovered a method of hacking into a Linux computer that's so easy, you'd be forgiven for thinking it wasn't legit.

The researchers figured out that it's possible to circumvent the login screen of a locked-down Linux PC simply by pressing the backspace key 28 times - no more, no less. Grub2, the bootloader used to initialize a number of Linux distributions, is to blame. Versions from 2009 through the present day are vulnerable.

Doing the deed 28 times launches the Grub rescue shell, which grants an attacker unfettered access to the machine's data, which can then be stolen or deleted. The attacker is also free to install malware, the researchers said in a blog post revealing the exploit. Do note that as an attacker, you'd need physical access to a machine in order to take advantage of the vulnerability.

Security expert and founder of Trail of Bits, Dan Guido, told Motherboard that it is irresponsible for Grub to lack decades-old exploit mitigations like stack cookies that could have addressed the issue.

Fortunately, the researchers created a patch to prevent the deceptively simple attack. What's more, as Motherboard notes, several distributions including Debian, Red Hat and Ubuntu have all released emergency patches as well.


 
But you were linking him to his keyboard. And since this hack requires the hacker to be physically present with the system, that leaves only one conclusion for your scenario.
 
It's not a big thing, but I think I'm throwing in the towel on my Ubuntu iPhone Swift app writing project. Maybe it's the 32 bit, but it seems to use the most primitive grub. I installed it so many times. It just doesn't recognize a secondary partition on a secondary drive to boot from it. I had it working on that computer before the second hard drive blew out due to a power failure a few years ago, but it must have been in the first partition on the second drive, as I tried those versions to no avail in this second partition (which it thinks is the fifth partition, sdb5). Why didn't the new leadership of Tim Cook bring iPhone programming to Windows?
 
But you were linking him to his keyboard. And since this hack requires the hacker to be physically present with the system, that leaves only one conclusion for your scenario.

I think he meant that the hacker brings his keyboard along with him. I've got a KBP v60 paradise mechanical keyboard that is small enough to easily fit in a small bag. Definitely possible to bring it around with you to hack.
 
OK I guess that is also a possibility. I've never seen anyone carrying a keyboard around with them. But I'm not gonna say no one does. lol
 
Well, since they say that it takes 22 repetitions to make a habit, perhaps the intended hacker will only be practicing his own new habit?!?
 
Why post this?

We all know that there is no way to protect a computer when physical security is compromised.
 
Many eyes ... ha ha ha.
Your point being?

(Do forgive me for being old and slow).

"In his seminal work The Cathedral and the Bazaar, Eric Raymond put forward the claim that “given enough eyeballs, all bugs are shallow.” He dubbed this Linus’ Law, in honor of Linux creator Linus Torvalds. It sounds like a fairly self-evident statement, but as the Wikipedia page points out the notion has its detractors. Michael Howard and David LeBlanc claim in their 2003 book Writing Secure Code “most people just don’t know what to look for.”"
 
"In his seminal work The Cathedral and the Bazaar, Eric Raymond put forward the claim that “given enough eyeballs, all bugs are shallow.” He dubbed this Linus’ Law, in honor of Linux creator Linus Torvalds. It sounds like a fairly self-evident statement, but as the Wikipedia page points out the notion has its detractors. Michael Howard and David LeBlanc claim in their 2003 book Writing Secure Code “most people just don’t know what to look for.”"
Well, I can't envision either viewpoint being mutually exclusive of the other. Mostly a semantic issue. A hundred people looking at a problem, while only one solves it, is the most likely scenario anyway.

Comedian Dennis Miller is sort of famous for his "obscure reference jokes". More often than not they become funny for the fact nobody gets what he's talking about. It usually devolves to a "say wut" paradigm.

I have a problem referencing some material because of my age, taking snippets of my experiences and expecting someone half my age to have gone through them as well.
 
Interesting that PHYSICAL security is frequently ignored :sigh:

Once I can get my hands on the system, there are many ways to get access to the system and/or data, not the least of which is extracting the HD and mounting it elsewhere. All the virus scanners and firewalls in the world will not protect you at this level.

(yeah, full disk encryption will protect you - - but do you?)
 