After you Subscribe email your username
and receipt to
Membership Options
Pay With Bitcoin
  • 27 Vote(s) - 3.04 Average
  • 5
  • 4
  • 3
  • 2
  • 1
Thread Modes

Hacking a locked-down Linux PC is apparently as easy as pressing backspace 28 times
Condoms Away
SL .Dae Ripper

Posts: 280
Threads: 92
Joined: May 2015
Reputation: 247
Quote:A pair of security researchers from the Cybersecurity Group at the Polytechnic University of Valencia in Spain have discovered a method of hacking into a Linux computer that's so easy, you'd be forgiven for thinking it wasn't legit.

The researchers figured out that it's possible to circumvent the login screen of a locked-down Linux PC simply by pressing the backspace key 28 times - no more, no less. Grub2, the bootloader used to initialize a number of Linux distributions, is to blame. Versions dating back from 2009 to present-day are vulnerable.

Doing the deed 28 times launches the Grub rescue shell which grants an attacker unfettered access to the machine's data which can be stolen or deleted. The attacker is also free to install malware, the researchers said in a blog post revealing the exploit. Do note that as an attacker, you'd need physical access to a machine in order to take advantage of the vulnerability.

Security expert and founder of Trail of Bits, Dan Guido, told Motherboard that it is irresponsible for Grub to lack decades-old exploit mitigations like stack cookies that could have addressed the issue.

Fortunately, the researchers created a patch to prevent the deceptively simple attack. What's more, as Motherboard notes, several distributions including Debian, Red Hat and Ubuntu have all released emergency patches as well.

You are not allowed to view links. Register or Login to view.

This was a rather interesting read, and now i need to pull out my old computer if i still have it or if i can find it.. to try it out..

Ap0110 Offline

Posts: 463
Threads: 168
Joined: Mar 2013
Reputation: 1,095
This is interesting. Thanks for sharing.

Gaiha Offline

Posts: 8
Threads: 3
Joined: Mar 2016
Reputation: 3
Gawd... I knew this ages ago... BUt did you also know if you have physical access to the machine, you can run your linux distro from a usb stick and fully circumvent the installed O/S, whether it be Windows or Linux, as long as the "Locked" machine give you bios access, so you can over-ride the boot settings... or if some IT-moron left the boot settings to USB as 1st boot...

... then the only thing you need to do, is "mount" the hard-drive, and upload it's entire contents to another drive... (psst... I keep an external 2 GB USB HD just for this)... Happy Hacking!

Possibly Related Threads...
Thread / Author Replies / Views Last Post

Users browsing this thread: 1 Guest(s)

Color Skins

Change Color:

Background Patterns:

Background Images:

Background Header:

Setting Panel

Main Options: