Linux Machines Can Be Hacked by Pressing Backspace 28 Times

Linux Machines Can Be Hacked

A Pair of Spanish cybersecurity researchers have discovered a Linux vulnerability that could allow anyone with physical access to a system to log in without a password and launch a variety of attacks. The vulnerability, found in versions of the commonly used Grub2 (GNU Grand Unified Bootloader) bootloader released since 2009, can be exploited by hitting the backspace key 28 times. Named CVE-2015-8370, the vulnerability has a medium severity rating, according to the National Institute of Standards and Technology’s National Cyber Awareness System notice. The bug can be easily fixed, according to the researchers who discovered it, and a number of patches are now available.

Introduced into the Grub coding in December 2009, the vulnerability has raised some suspicions that it might be the work of the National Security Agency or a similar organization. A commenter on reddit’s Linux thread, for instance, noted, “This is exactly the kind of highly-useful bug with plausible deniability that I’d expect to be introduced ‘accidentally by governmental agencies’s agents.”

READ  Will 2015 be the year of the Microsoft/Linux love fest?

‘Incalculable Number of Affected Devices’

Hector Marco-Gisbert and Ismael Ripoll, members of the cybersecurity group at Spain’s Polytechnic University of València, published their description of the Grub2 authentication bypass zero-day vulnerability on December 14, several days after disclosing it to CCN-CERT, the Spanish National Cryptologic Center.

“Grub2 is the bootloader used by most Linux systems including some embedded systems,” Marco-Gisbert and Ripoll said in their description of the vulnerability. “This results in an incalculable number of affected devices.”

The researchers said they were able to exploit the vulnerability using QEMU (short for Quick Emulator) running Debian 7.5. The bug allowed them to obtain a Grub rescue shell, from which they could gain entry to the system without a username or password, and potentially introduce malware, destroy data or launch a denial of service attack.

READ  Linux Continues to Grow in the Cloud Computing and Implementation of Enterprise Applications

Easy Check for Bug

Users can quickly and easily check for the vulnerability in their systems by pressing the backspace key 28 times when Grub asks for a username, according to Marco-Gisbert and Ripoll. “If your machine reboots or you get a rescue shell then your Grub is affected,” they said.

In addition to fixes being made available by GNU/Linux vendors, an emergency patch was also posted by the researchers on the main Grub2 Git repository. Any GNU/Linux user with Grub2 using password protection should update to a patched version, even if the attack described by the researchers is not easily launched without physical access to a system and could require significantly different approaches on different systems.

“As can be seen, the successful exploitation depends on many things: the BIOS version, the GRUB version, the amount of RAM, and whatever that modifies the memory layout,” Marco-Gisbert and Ripoll noted. “And each system requires a deep analysis to build the specific exploit.”

READ  Red Hat to ditch MySQL for MariaDB in RHEL 7

Original Article

Leave a Reply

Your email address will not be published. Required fields are marked *

A world leading hosting company that provides fully-managed innovative and secure solutions, suitable for hosting small to medium-sized websites

Built on the best available technologies combined with Google Cloud for strong redundancy and application availability. Backed by skilled experts to address web security threats, a devops team to create advanced custom security solutions, and 24/7 sysadmins to watch over the platform. This powerful, hands-on approach makes your sites faster, safer, and easier to manage. Starting from only $3.95/mo.


* up to 30 days money back guarantee