Digital Journal
Pressing backspace 28 times will unlock most Linux PCs
By: James Walker
A strange bug has been discovered in the Linux operating system that gives hackers an easy way into computers if they have physical access. Pressing the backspace key 28 times while on the login screen will override the need for a password.
The vulnerability, uncovered earlier this week, was discovered by two security researchers from the Cybersecurity Group at the Polytechnic University of Valencia in Spain. As Motherboard reports, the group found it can circumvent usual login procedures on Linux systems just by pressing the backspace key 28 times.
The key inputs go to the Linux Grub2 bootloader, responsible for starting the operating system. Pressing backspace 28 times presents the user with a Grub rescue shell interface, letting them enter system commands. An attacker could use the terminal to install malicious software and steal or delete data.
The key presses end up launching a rescue shell due to an underflow error in memory. Exactly 28 presses of the backspace key are required to reproduce the effects, making it "the only input controllable by the user to cause different manifestations of the error." On the 28th press, an error is raised by the system's memory which results in Grub2 loading its rescue shell.
The researchers warned the shell is "very powerful" as it has full authentication without requiring a valid username or password. It allows attackers to copy the entire disk, customise the Linux kernel to include system-level permanent exploits or destroy all the data on the user's hard drives, even if it is encrypted.
The bug has been present inside Grub2's source since December 2009 and version 1.98. It remains present in December 2015's 2.02 release. The bootloader is used by many Linux operating systems during the initialisation phase. The researchers identified the exact place in the code where the error occurs but warned anti-virus tools would not be able to detect the problem.
The bug is present in several popular Linux-based operating systems. Major consumer distros Ubuntu and Debian are amongst the platforms known to be affected. Emergency patches have already been issued that fix the issue.
It's unclear how such a major bug made it into Linux but the operating system's open-source nature means anyone is free to edit its source. The error in the code could have been made by a relatively inexperienced Linux developer, one of the major trade-offs of letting anyone contribute to a major software project.
