Linux is a secure system and is increasingly being used in companies. Is it still infallible? No, of course not, and that’s the point proves the amazing discovery of two Spanish researchers. According to them, pressing a certain key several times would be enough to hack any computer running Linux. The worst is yet to come as most distributions would be affected.
Hector Marco and Ismael Ripoll have been interested in IT for a long time and have even made it their profession. You actually worked for the cybersecurity department of for several years from the University of Valencia.
Grub2 is to blame for everything!
If you are not familiar with this, GNU GRUB (GRand Unified Bootloader) is a boot program. It is launched at computer startup and allows the user to select which system to boot.
In particular, thanks to it you can switch between your favorite distro and another operating system without getting your hands dirty.
So it works on the same principle as LILO, but recognizes almost all file systems and is built into most Linux distributions on the market for exactly this reason.
Nevertheless, our two experts found a method to take control of a computer based on a Grub2-specific error – or rather a bug. All you have to do is… hit the backspace key (or backspace if you want) to access the tool’s recovery console.
The tactile technique backspace
From there it is quite possible to access the data stored on the machine’s hard drives or even to install one by tinkering malware in step.
Hector and Ismael detailed the whole process in a note available online at this address. They didn’t go somewhere else with a dead hand. According to the newspaper, press 28 times Pressing this button would cause an error in the system memory and trigger the launch of the famous console mentioned above.
Of course, if a hacker can physically access a machine, they don’t necessarily need this bug to recover the data stored on it, but it’s still a very nasty bug and we have to hope it gets fixed soon enough.
Without Linux at home, I couldn’t test this technique, so don’t hesitate to share your feedback in the comments after this article.
Update: The bug has been fixed. So you better think about upgrading Grub on your bike.