Exploit Logs You Into Linux Systems After Hitting Backspace

Edenthiel
Veteran

Joined: 12 Sep 2014
Age: 57
Gender: Female
Posts: 2,820
Location: S.F Bay Area

19 Dec 2015, 11:29 pm

http://www.pcmag.com/article2/0,2817,2496870,00.asp


"To quickly check if your system is vulnerable, when the Grub ask you the username, press the Backspace 28 times. If your machine reboots or you get a rescue shell then your Grub is affected,"


_________________
“For small creatures such as we the vastness is bearable only through love.”
―Carl Sagan


Fogman
Veteran

Joined: 19 Jun 2005
Age: 58
Gender: Male
Posts: 3,986
Location: Frå Nord Dakota til Vermont

20 Dec 2015, 6:48 am

Thanks for the info on that, I'm updating my system as I post this.


_________________
When There's No There to get to, I'm so There!


EnglishInvader
Veteran

Joined: 14 Sep 2009
Age: 43
Gender: Male
Posts: 1,012
Location: Hertfordshire, UK

20 Dec 2015, 11:06 am

The article says that the exploit requires physical access to the computer to be used so it doesn't really pose much of a threat.



Spiderpig
Veteran

Joined: 14 Apr 2013
Gender: Male
Posts: 7,893

20 Dec 2015, 12:38 pm

When does Grub ask for a username?


_________________
The red lake has been forgotten. A dust devil stuns you long enough to shroud forever those last shards of wisdom. The breeze rocking this forlorn wasteland whispers in your ears, “Não resta mais que uma sombra”.


Freedoomed
Veteran

Joined: 17 Oct 2015
Age: 29
Gender: Male
Posts: 960

20 Dec 2015, 1:37 pm

Spiderpig wrote:
When does Grub ask for a username?

https://help.ubuntu.com/community/Grub2/Passwords



Spiderpig
Veteran

Joined: 14 Apr 2013
Gender: Male
Posts: 7,893

20 Dec 2015, 1:44 pm

Oh, well, I don't use password protection in Grub. Still, I find it a bit hard to swallow that the bug can log you into the operating system, as opposed to just the bootloader.


_________________
The red lake has been forgotten. A dust devil stuns you long enough to shroud forever those last shards of wisdom. The breeze rocking this forlorn wasteland whispers in your ears, “Não resta mais que uma sombra”.


Edenthiel
Veteran

Joined: 12 Sep 2014
Age: 57
Gender: Female
Posts: 2,820
Location: S.F Bay Area

20 Dec 2015, 2:24 pm

EnglishInvader wrote:
The article says that the exploit requires physical access to the computer to be used so it doesn't really pose much of a threat.

For non-emulated servers or home systems, I agree. Laptops, on the other hand...

Also, this:
Quote:
we successfully exploited this vulnerability in a Debian 7.5 under Qemu getting a Grub rescue shell.
(emphasis mine)

...which means physical access may not actually be necessary. Maybe.

Also, this *only* applies to the Grub2 password protection on the spec'd versions (roughly since 2009) of Grub.

(more technical info here: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html )


_________________
“For small creatures such as we the vastness is bearable only through love.”
―Carl Sagan
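
Added example (not part of the thread or the linked advisory): the posts above note that the bug only concerns GRUB2's password protection, so this script checks whether a given grub.cfg enables that protection at all. The function name `grub_auth_scope`, its result labels and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Classify a grub.cfg by whether GRUB2 password protection is enabled.
# GRUB only asks for a username when "superusers" is set, so a config
# without it never reaches the prompt discussed in this thread.
grub_auth_scope() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # Drop comments and leading whitespace before matching directives.
    body=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' "$cfg")
    if ! printf '%s\n' "$body" | grep -Eq '^(set[[:space:]]+)?superusers='; then
        echo "no-auth"; return 0
    fi
    # Report the weaker form first if both kinds of entry are present.
    if printf '%s\n' "$body" | grep -Eq '^password[[:space:]]'; then
        echo "auth-plaintext"; return 0
    fi
    if printf '%s\n' "$body" | grep -Eq '^password_pbkdf2[[:space:]]'; then
        echo "auth-pbkdf2"; return 0
    fi
    echo "auth-no-password"
}

# Constructed sample configs (not taken from any real system).
demo_dir=$(mktemp -d)
printf 'set superusers="admin"\npassword_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER\n' \
    > "$demo_dir/protected.cfg"
printf 'set timeout=5\nmenuentry "Linux" { linux /vmlinuz }\n' \
    > "$demo_dir/open.cfg"

for f in "$demo_dir"/*.cfg; do
    printf '%s: %s\n' "${f##*/}" "$(grub_auth_scope "$f")"
done
```

On a real machine the file is typically /boot/grub/grub.cfg or /boot/grub2/grub.cfg and usually needs root to read. A `no-auth` result means the GRUB username prompt is never shown, so the Backspace check quoted at the top of the thread does not apply to that system.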


Nine7752
Toucan

Joined: 3 Dec 2015
Age: 62
Posts: 269
Location: North of Nowhere

25 Dec 2015, 3:20 pm

This story got way too much attention. It's just the password for the boot loader, something a lot of people don't even do. The 28-backspace grub bug doesn't give a hacker anything more than a simple USB boot image would.

Once they get onto your hard drives, all they would see is the likely-encrypted disk image(s) on LUKS or such. There's no practical way to get into the encrypted disk image.

Ok, they could infect the boot image or put a keylogger in, but a USB drive can do that too. It's nothing like hitting backspace 28 times and just logging in.

... cue the disdain for technology press...


_________________
I swallowed a bug.


Spiderpig
Veteran

Joined: 14 Apr 2013
Gender: Male
Posts: 7,893

25 Dec 2015, 4:23 pm

And what would that keylogger do if you don't have an Internet connection while booting?


_________________
The red lake has been forgotten. A dust devil stuns you long enough to shroud forever those last shards of wisdom. The breeze rocking this forlorn wasteland whispers in your ears, “Não resta mais que uma sombra”.


Nine7752
Toucan

Joined: 3 Dec 2015
Age: 62
Posts: 269
Location: North of Nowhere

26 Dec 2015, 10:36 am

The keylogger exploit would require a second physical visit. Say, the attacker puts a keylogger between your keyboard and the computer (a USB dongle like this: http://www.amazon.com/KeyGrabber-USB-KeyLogger-8MB-Black/dp/B004TUBOKW/ ). Then wait a few days.

Then when they come back to reclaim the unit, it has logged all of the keystrokes you have typed to unlock encrypted volumes, as well as any other systems, offline or online. It is probably the only feasible way (that I know) to get onto an encrypted volume.


_________________
I swallowed a bug.