Simple Linux Flaw Exposed By Backspace Key

Tom Jowitt,
keyboard typinc UI software work © Dmitriy Shironosov Shutterstock

Hacking skills not required – just hit the backspace key 28 times to hack a Linux system

A group of Spanish researchers has uncovered a long-standing vulnerability in Linux that pressing the backspace key 28 times will bypass the login screen on some Linux distros.

The warning from security researchers Hector Marco and Ismael Ripoll from the Cybersecurity Group at the Polytechnic University of Valencia (UPV) in Spain revealed that the problem is down to the default boot loader (Grub2) that is used to initialise ‘most Linux systems’.

Boot Loader Flaw

linux“Grub2 is the bootloader used by most Linux systems including some embedded systems,” wrote the researchers in their published findings. “This results in an incalculable number of affected devices.”

They warned that vulnerable Linux machines allow easy access to the “very powerful Grub rescue shell”.

“To quickly check if your system is vulnerable, when the Grub ask you the username, press the Backspace 28 times,” said the researchers. “If your machine reboots or you get a rescue shell then your Grub is affected.”

The hacker is then free to install malware, steal data, or indeed wipe the machine clean.

Essentially, when a hacker hits the backspace button 28 times, they cause an error in the systems’ memory that launches the rescue function that allows for the overiding of the normal authentication system.

The researchers admitted that the impact of this bug should be limited, as the hacker would need physical access to the Linux machine. But it is nevertheless worrying that such a basic vulnerability could have existed for so long in the boot loader.

Thankfully, both researchers have come up with a way for this flaw to be patched. They also said the main Linux vendors have been made aware of the vulnerability. Ubuntu, Red Hat and Debian have all released patches.

Security Awareness

“The bug can be easily fixed just by preventing that cur_len overflows,” said the researchers. “The main vendors are already aware of this vulnerability. By the way, we have created the following “emergency patch” from the main GRUB2 git repository.”

Security in the open source community is gaining more awareness as the overall threat landscape worsens.

In October, Jim Zemlin, executive director of the Linux Foundation, warned of the security challenges that threaten the golden age of open source computing. He also pointed out that many projects are woefully under-resourced.

That said, in the summer the Linux Foundation announced it was investing $452,000 in Open Source security projects. The Linux Foundation’s Core Infrastructure Initiative (CII) said it was funding three projects aimed at helping to improve security for open-source code.

Also in the summer, Linux creator Linus Torvalds revealed how he thinks about security, and he said that security is all about finding bugs.

What do you know about Linux? Take our quiz!