As an open source operating system, Linux is considered much more secure than other OS’s like Windows or Mac OS. But researchers at the Polytechnic University of Valencia’s Cyber Security Group have just found a major vulnerability in Linux. According to the researchers, you can hack a Linux system by just hitting the backspace key on the keyboard 28 times.
The researchers found out that, using this vulnerability, one can easily bypass the authentication of a locked Linux system in the GRUB2 bootloader. While not all the Linux systems use the said bootloader, GRUB2 bootloader is used by most of the Linux systems. So basically, with this bug, even a 10-year old can hack into your Linux system.
According to the blog post by the researchers:
“The vulnerability, known as CVE-2015-8370, is present in all versions of Grub2 from 1.98, which was released in December 2009, to the current 2.02 version.”
How this works, you might ask. After hitting the backspace key 28 times, the Linux system would return a critical error which initiates the GRUB rescue shell. After that, the hacker can access the contents of the system storage. The hacker can easily delete all your data or put malware on your system which will make it cakewalk to access your system remotely.
Linux is the de-facto OS for big companies, telecoms. Even Android and Chrome OS are based on Linux, So that puts a lot of systems at risk. While this might scare if you are a Linux user, there is very low chances of your system getting hacked. That’s because to hack the system this way, the hacker first need to have physical access to your system. Moreover, patches are already being pushed to fix the loophole.
The researchers, who found the loophole have already developed a patch to prevent such attack.. Debian, Red Hat and Ubuntu have also released patches to fix the problem. So if you’re being prompted for GRUB2 update, install it right away.