Linux login? No password? Just hit backspace 28 times


Any distribution using the Grub2 bootloader (that’s most of them) is vulnerable to this, let’s be generous, ‘hack.’

All that’s required is to press the <backspace> key 28 times on the login screen. This will cause an integer underflow leading either to a reboot or a rescue screen.

According to a pair of researchers from the Cybersecurity Group at the Polytechnic University of Valencia, who have rather whimsically names the issue ‘Back to 28,’ Grub2 versions 1.98 (December 2009) to 2.02 (December 2015) are affected.

The researchers Hector Marco and Ismael Ripoll noted that once the rescue shell is loaded, an intruder may steal any data or even delete the entire filesystem.

Ubuntu, Red Hat and Debian have already made patches available.

Ihas long been known that once a hacker has physical access to your computer, ‘all bets are off,’ but this is really making it too easy.

iTWire recommends all Linux users attempt the 28 backspace login to determine whether they’re vulnerable. If they are and are running one of the distros listed, so much the better; apply the patch. If they have a different distro, they might want to make urgent contact with whatever support is available.

Author: Amanda Walker

Share This Post On
Submit a comment

Submit a Comment