Hacking a locked-down Linux PC is apparently as easy as pressing backspace 28 times

Thread Started By Condoms

3425
2
  • 32 Vote(s) - 3.09 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Rate Thread
#1
Quote:A pair of security researchers from the Cybersecurity Group at the Polytechnic University of Valencia in Spain have discovered a method of hacking into a Linux computer that's so easy, you'd be forgiven for thinking it wasn't legit.

The researchers figured out that it's possible to circumvent the login screen of a locked-down Linux PC simply by pressing the backspace key 28 times - no more, no less. Grub2, the bootloader used to initialize a number of Linux distributions, is to blame. Versions dating back from 2009 to present-day are vulnerable.

Doing the deed 28 times launches the Grub rescue shell which grants an attacker unfettered access to the machine's data which can be stolen or deleted. The attacker is also free to install malware, the researchers said in a blog post revealing the exploit. Do note that as an attacker, you'd need physical access to a machine in order to take advantage of the vulnerability.

Security expert and founder of Trail of Bits, Dan Guido, told Motherboard that it is irresponsible for Grub to lack decades-old exploit mitigations like stack cookies that could have addressed the issue.

Fortunately, the researchers created a patch to prevent the deceptively simple attack. What's more, as Motherboard notes, several distributions including Debian, Red Hat and Ubuntu have all released emergency patches as well.

[To see links please register here]


This was a rather interesting read, and now i need to pull out my old computer if i still have it or if i can find it.. to try it out..
Reply


#2
This is interesting. Thanks for sharing.
Reply


#3
Gawd... I knew this ages ago... BUt did you also know if you have physical access to the machine, you can run your linux distro from a usb stick and fully circumvent the installed O/S, whether it be Windows or Linux, as long as the "Locked" machine give you bios access, so you can over-ride the boot settings... or if some IT-moron left the boot settings to USB as 1st boot...

... then the only thing you need to do, is "mount" the hard-drive, and upload it's entire contents to another drive... (psst... I keep an external 2 GB USB HD just for this)... Happy Hacking!
Reply




Possibly Related Threads…
Thread Author Replies Views Last Post
  Sign of the Times: SL-to-Sansar Ship Straddling Second Life 0 1,607 09-01-2016, 06:11 AM
Last Post: Second Life

Forum Jump:

1 Guest(s)
Share this:

About Second Life Copybot

Second Life CopyBot Forum is a place where you can get items for Second Life and other vitual worlds for free. With our CopyBot viewers you can export and import any content from these virtual worlds and modify them in 3D software such as Blender, 3D studio Macx etc...