Contrary to what you might have experienced as Aiden Pearce in Watch Dogs, hacking isn’t easy. In fact, trying to log in to someone else’s computer to compromise their files is practically impossible without the right set of tools. Fortunately (or perhaps unfortunately, depending on who you’re asking) security researchers have discovered a bug in several Linux distributions that makes taking over an entire system as easy as striking the backspace key 28 times.
The report comes from security researchers Hector Marco and Ismael Ripoll of the Cybersecurity Group at the Polytechnic University of Valencia, Spain. The pair discovered that pressing backspace exactly 28 times lets all authentication be easily overridden. The bug affects every distribution of Linux using Grub2, the bootloader found in “most Linux systems,” the researchers wrote in their published results.
Assuming the system is in fact susceptible to the bug, anyone with the right know-how could access the system’s “Grub rescue shell,” which, with just a few keystrokes, can give them unhindered access to any and all data found on the PC. Of course, with malicious intentions, a person could seamlessly install persistent malware, allowing them to sabotage what’s rightfully yours.
“The number of backspaces hit was the only input controllable by the user to cause different manifestations of the error,” the researchers declared.
Experts agree that this bug is an alarming security oversight for the bootloader developers.
“It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue,” Trail of Bits founder Dan Guido pointed out.
On the bright side, Marco and Ripoll have worked together to come up with a solution for the bug in question. It’s a simple patch compatible with Ubuntu, Red Hat, and Debian distributions. Your best bet would be to install it quickly before letting anyone untrustworthy get ahold of your machine.