Hacking attempts seem to be in the news at least every other day. From network security companies to children’s software, nothing seems to be safe from the wrath of internet hackers. Now, computer experts have some bad news regarding an operating system: Linux passwords can be bypassed by pressing backspace 28 times.
- Linux is not the OS itself, it’s just the kernel; the OS actually is GNU Linux
- The Linux kernel was created as a hobby by Finnish student Linus Torvalds
- It was estimated by the European Union that it would cost over $1.2 billion USD to redevelop the current version of Linux
- The special effects for Titanic and Avatar were developed entirely on Linux
- The Linux penguin is named Tux
Hector Marco and Ismael Ripoll, members of the Cybersecurity Group at Universitat Politècnica de València, found the serious vulnerability.
The two discovered the integer underflow vulnerability in Grub2, and found that it can be triggered by pressing the backspace key 28 times in a row when the bootloader asks for your username.
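The kind of integer underflow described above, as an added example that is not Grub2's source code or code from the original article: a simplified C model of a username prompt whose backspace handler decrements an unsigned length counter, shown unchecked and with a zero check. The names `read_username`, `after_backspaces` and `BUF_SIZE` are hypothetical, the unsigned counter is an assumption, and the model only tracks the counter without ever writing outside the buffer.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16u  /* constructed size, not taken from Grub2 */

/* Model of a username prompt (hypothetical, not Grub2 source).
 * Returns the length counter after processing nkeys keystrokes.
 * checked == 0: backspace always decrements the counter (the flaw).
 * checked != 0: backspace on an empty buffer is ignored (the fix). */
static unsigned int read_username(const char *keys, size_t nkeys,
                                  int checked, char *buf)
{
    unsigned int cur_len = 0;

    for (size_t i = 0; i < nkeys; i++) {
        if (keys[i] == '\b') {
            if (checked && cur_len == 0)
                continue;            /* nothing to erase */
            cur_len--;               /* unchecked: 0 - 1 wraps around */
            continue;
        }
        if (cur_len < BUF_SIZE - 1)  /* a wrapped counter fails this test */
            buf[cur_len++] = keys[i];
    }
    return cur_len;
}

/* Press backspace n times at an empty prompt and report the counter. */
static unsigned int after_backspaces(size_t n, int checked)
{
    char keys[64], buf[BUF_SIZE] = {0};

    if (n > sizeof keys)
        n = sizeof keys;
    memset(keys, '\b', n);
    return read_username(keys, n, checked, buf);
}

int main(void)
{
    unsigned int bad = after_backspaces(28, 0);
    unsigned int ok = after_backspaces(28, 1);

    printf("unchecked: cur_len=%u, inside buffer: %s\n",
           bad, bad < BUF_SIZE ? "yes" : "no");
    printf("checked:   cur_len=%u, inside buffer: %s\n",
           ok, ok < BUF_SIZE ? "yes" : "no");
    return 0;
}
```

Any later code that used the wrapped counter as an offset or length would reach far outside the 16-byte buffer, while the checked variant leaves the counter at 0.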
Grub, which stands for Grand Unified Bootloader, is used by Linux to boot up the system. Its password feature is very useful for protecting your Linux machine.
Now, if certain conditions are met (mostly the proper version of the OS), pressing the backspace key 28 times in a row will cause the computer to reboot, or it will put Grub in rescue mode, Linux’s version of Safe Mode.
This will provide the would-be hacker with unauthorized access to a shell, which he can then use to rewrite the code in the Grub2 in order to gain full unauthorized access to the machine.
From this point, anything is possible, since the hacker would be able to do anything he wanted to the computer.
However, the guys behind the discovery went with a simple scenario in order to prove their findings: they installed malware to steal all of the user’s private data once he logged in.
But this was just to prove their point.
Anything can be done to the computer once the hacker bypasses the password, so the developers strongly advise Linux users to install all updates made available to them, as fixes for the issue have already been developed.
The versions of Linux affected are those starting with 1.98, released in December, 2009, and ending with the most recent version, 2.02.