A recent report by security researchers in the polytechnic university of Valencia, Spain stated that anybody can gain access to a Linux system by pressing backspace 28 times continuously.
This vulnerability also known as the Grub2 has been patched by top Linux OS makers like Red Hat ,Ubuntu and Debian.
So how does Grub2 vulnerability actually work? This has been explained by Hector Marco and Ismael Ripoll of the cyber security group in their website hmarco.org.
This report named ‘ Back to 28 ‘ give s the detail explanation of how the Grub 2 vulnerability works and how it can be fixed.
Brub 2 vulnerability can effect Linux versions from 1.98 to 2.02. By pressing backspace 28 times the lock screen is bypassed and no authentication is required to access the system.
Even if you have a complex password it would not help to protect your system.
If you want to know whether Linux system is effected or not you can try the same.
As soon as Grub requests a user name hit backspace 28 times in a row and check if the machine reboots or if a recue shell initiated.
The effects of being effected by Grub2 vulnerability-
- The person at your system can gain full access to your system even without having a proper password or your user name. He can go into the settings of your computer and tamper with it’s security protocols further leading to chances of internet hacks and cyber attacks.
- As soon as the attacker gains control of your system all your information, be it private pictures. Videos or even sensitive information like banking data can easily be available to him as a result of which you can have an identity breach. Customized kernels and initramfs can be loaded without your knowledge and dangerous rootkits and Trojans can be installed further causing your system to crash. Your whole disk can get mirrored in a matter of seconds with special software and privacy can be compromised.
- The hacker can change setting in such a way that you would not be able to login to your own system. Furthermore, the Grub bootloader can be destroyed and a DOS attack can be initiated.
Fortunately there is a fix to this problem and the details have been described in hmarco.org.
The solution will teach you how to overcome this problem by trying to repair the small memory errors in Grub2 that cause these problems.