12-22-2015, 10:57 AM
Quote:A pair of security researchers from the Cybersecurity Group at the Polytechnic University of Valencia in Spain have discovered a method of hacking into a Linux computer that's so easy, you'd be forgiven for thinking it wasn't legit.
The researchers figured out that it's possible to circumvent the login screen of a locked-down Linux PC simply by pressing the backspace key 28 times - no more, no less. Grub2, the bootloader used to initialize a number of Linux distributions, is to blame. Versions dating back from 2009 to present-day are vulnerable.
Doing the deed 28 times launches the Grub rescue shell which grants an attacker unfettered access to the machine's data which can be stolen or deleted. The attacker is also free to install malware, the researchers said in a blog post revealing the exploit. Do note that as an attacker, you'd need physical access to a machine in order to take advantage of the vulnerability.
Security expert and founder of Trail of Bits, Dan Guido, told Motherboard that it is irresponsible for Grub to lack decades-old exploit mitigations like stack cookies that could have addressed the issue.
Fortunately, the researchers created a patch to prevent the deceptively simple attack. What's more, as Motherboard notes, several distributions including Debian, Red Hat and Ubuntu have all released emergency patches as well.
You are not allowed to view links. Register or Login to view.
This was a rather interesting read, and now i need to pull out my old computer if i still have it or if i can find it.. to try it out..