Want to hack a Linux computer? Just hit backspace 28 times
Fortunately (or perhaps unfortunately, depending on who you’re asking), security researchers have discovered a bug in several Linux distributions that makes taking over an entire system as easy as striking the backspace key 28 times.
The flaw, found by a pair of researchers from the University of Valencia, affects a large number of Linux distributions and allows just about anyone to bypass any form of authentication and log in as a privileged user by, yes, pressing backspace 28 times.
As it turns out, there is a bug in the Grub2 bootloader that lets you bypass the username/password prompt. Of the ways to trigger it, the only one a user could manipulate with common inputs was the Backspace key, which causes the system to revert to its “Grub rescue shell”. The hacker is then free to install malware, steal data, or indeed wipe the machine clean.
While the hack is a disconcerting development, it is worth mentioning that hackers would still need to be physically in front of your computer, and that Red Hat, Debian, and Ubuntu have all rolled out patches to take care of the exploit. “The main vendors are already aware of this vulnerability.” It is nevertheless worrying that such a basic vulnerability could have existed for so long in the boot loader.
According to Ripoll and Marco, the Grub vulnerability affects Linux systems from December 2009 to the present date.
Awareness of security in the open source community is growing as the overall threat landscape worsens.