Hacking a locked-down Linux PC is apparently as easy as pressing backspace 28 times

By Shawn Knight · 17 replies
Dec 17, 2015
Post New Reply
  1. A pair of security researchers from the Cybersecurity Group at the Polytechnic University of Valencia in Spain have discovered a method of hacking into a Linux computer that's so easy, you'd be forgiven for thinking it wasn't legit.

    The researchers figured out that it's possible to circumvent the login screen of a locked-down Linux PC simply by pressing the backspace key 28 times - no more, no less. Grub2, the bootloader used to initialize a number of Linux distributions, is to blame. Versions dating back from 2009 to present-day are vulnerable.

    Doing the deed 28 times launches the Grub rescue shell which grants an attacker unfettered access to the machine's data which can be stolen or deleted. The attacker is also free to install malware, the researchers said in a blog post revealing the exploit. Do note that as an attacker, you'd need physical access to a machine in order to take advantage of the vulnerability.

    Security expert and founder of Trail of Bits, Dan Guido, told Motherboard that it is irresponsible for Grub to lack decades-old exploit mitigations like stack cookies that could have addressed the issue.

    Fortunately, the researchers created a patch to prevent the deceptively simple attack. What's more, as Motherboard notes, several distributions including Debian, Red Hat and Ubuntu have all released emergency patches as well.

    Permalink to story.

  2. VitalyT

    VitalyT Russ-Puss Posts: 3,671   +1,961

    Are they going to increase the number of backspaces now? That'd be a good fix.

    Next time you see someone's Backspace all trashed - you'll know he is a hacker.
    Last edited: Dec 17, 2015
  3. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,747   +3,712

    Meaning he is hacking his own system in order to wear out the backspace key.
    Reehahs likes this.
  4. VitalyT

    VitalyT Russ-Puss Posts: 3,671   +1,961

    Any definition you look up for the word hacker, it never says whose computers he is hacking. Might be even his own :)
    thelatestmodel and EClyde like this.
  5. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,747   +3,712

    But you were linking him to his keyboard. And since this hack requires the hacker to be physically present with the system. That leaves only one conclusion for your scenario.
  6. tonylukac

    tonylukac TS Evangelist Posts: 1,374   +69

    It's not a big thing, but I think I'm throwing in the towel on my ubuntu iphone swift app writing project. Maybe it's the 32 bit, but it seems to use the most primitive grub. I installed it so many times. It just doesn't recognize a secondary partition on a secondary drive to boot from it. I had it working on that computer before the second hard drive blew out due to a power failure a few years ago, but it must have been in the first partition on the second drive, as I tried those versions to no avail in this second partition (which it thinks is the fifth partition, sdb5). Why didn't the new leadership of tim cook bring iphone programming to windows?
  7. Evernessince

    Evernessince TS Evangelist Posts: 2,112   +1,286

    I think he meant that the hacker brings his keyboard along with him. I've got a KBP v60 paradise mechanical keyboard that is small enough to easily fit in a small bag. Definitely possible to bring it around with you to hack.
  8. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,747   +3,712

    OK I guess that is also a possibility. I've never seen anyone carrying a keyboard around with them. But I'm not gonna say no one does. lol
  9. wiak

    wiak TS Enthusiast Posts: 51

  10. Uncle Al

    Uncle Al TS Evangelist Posts: 3,362   +2,008

    Well, since they say that it takes 22 repetitions to make a habit, perhaps the intended hacker will only be practicing his own new habit?!?
  11. captaincranky

    captaincranky TechSpot Addict Posts: 13,036   +2,558

    In some circles, that would be known as, "hack-sturbation"...
  12. NotParker

    NotParker TS Enthusiast Posts: 29   +10

    Many eyes ... ha ha ha.
  13. captaincranky

    captaincranky TechSpot Addict Posts: 13,036   +2,558

    Your point being?

    (Do forgive me for being old and slow).
    learninmypc likes this.
  14. Thisisembarrassing...
  15. MikeAcker

    MikeAcker TS Enthusiast Posts: 33

    Why post this ?

    we all know that when there is no way to protect a computer when physical security is compromised
  16. NotParker

    NotParker TS Enthusiast Posts: 29   +10

    "In his seminal work The Cathedral and the Bazaar, Eric Raymond put forward the claim that “given enough eyeballs, all bugs are shallow.” He dubbed this Linus’ Law, in honor of Linux creator Linus Torvalds. It sounds like a fairly self-evident statement, but as the Wikipedia page points out the notion has its detractors. Michael Howard and David LeBlanc claim in their 2003 book Writing Secure Code “most people just don’t know what to look for.”"
  17. captaincranky

    captaincranky TechSpot Addict Posts: 13,036   +2,558

    Well, I can't envision either viewpoint being mutually exclusive of the other. Mostly a semantic issue. A hundred people looking at a problem, while only one solves it, is the most likely scenario anyway.

    Comedian Dennis Miller is sort of famous for his "obscure reference jokes". More often than not they become funny for the fact nobody gets what he's talking about. It usually devolves to a "say wut" paradigm.

    I have a problem referencing some material because of my age., taking snippets of my experiences and expecting someone half my age to have gone through them as well.
  18. jobeard

    jobeard TS Ambassador Posts: 11,177   +990

    Interesting that PHYSICAL security is frequently ignored :sigh:

    Once I can get my hands on the system, there are many ways to get access to the system and/or data, not the least of which is extracting the HD and mounting it elsewhere. All the virus scanners and firewalls in the world will not protect you at this level.

    (yeah, full disk encryption will protect you - - but do you?)

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...