Contrary to what we have seen on mobile devices in recent years, it’s not that often that someone devises a way to bypass the login screen on a desktop operating system. However, that is what two security researchers have recently discovered in several flavours of Linux.
The researchers found that pressing the backspace key 28 times would allow an attacker to trigger a bug in the Grub2 bootloader, which is in use on vulnerable systems. When activated, the bug allows an attacker to access the “Grub rescue shell.” From the rescue shell it is possible to access or modify files, install malware or complete any number of other malicious activities.
The researchers found the bug after examining the code of the bootloader. They determined that the number of backspace presses is the only input controllable by the user that could trigger the bug.
Security experts were surprised that the bug existed. Dan Guido of security firm Trail of Bits said:
It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue
As for the fix: The researchers also took care of this. They developed a patch that fixes the code error that triggered the bug to occur. Alongside this fix, major Linux distributions such as Ubuntu, Red Hat and Debian have all released fixes too.
Source: Motherboard
66 Comments - Add comment