A bug filed on Ubuntu Launchpad in the middle of June has just been made public. The bug in question appears to allow anyone with physical access to the computer bypass the lock screen by just removing the hard drive. The bug was tested on Ubuntu 16.04.4 and it’s unclear whether it affects other versions of Ubuntu or other distributions but there’s an almost certain chance it affects other distributions based on Ubuntu 16.04, such as Linux Mint 18.
The attack works in the following way, a user boots into Linux and opens up their programs and files, then the machine is suspended and it goes into low power mode and writes the state of the machine to memory. At this point an attacker can remove the hard drive and wake up the system; now they’ll either see the lock screen and be able to enter any password to gain access. They might try the password and be denied access at which point they can fast press the hardware shut down button and gain access, or no lock screen will appear but instead the screen will be black and the previous steps can be attempted.
Discussing the bug, Marc Deslauriers a security engineer at Canonical said:
“We're unlikely to fix this, since having physical access means an attacker could simply access the hard disk directly or replace the password on it and unlock the computer.”
Another user suggested that the screensaver software could handle the problem:
“I believe that screensaver should handle exceptions in the underlying libraries in such a way to prevent unauthorized access even if underlying library is faulty.”
If it’s the case that the screensaver package can be updated to fix the issue, a fix might be able to be applied upstream as it is used in Debian too.
Neowin doesn’t recommend trying to replicate this bug as the power will need to remain on to keep the memory functioning, and therefore offers the chance for electrocution.
37 Comments - Add comment