Grub Vulnerability : You can Hack into a Linux PC/laptop just by pressing ‘Backspace’ 28 times
Most of us swear by Linux as a super secure operating system but two security researchers from Spain have discovered a unique vulnerability in Linux which could give even a noob access to a Linux powered PC.
Here’s How to Exploit the Linux Vulnerability
If your computer system is vulnerable to this bug:
Just hit the backspace key 28 times at the Grub username prompt during power-up. This will open a “Grub rescue shell” under Grub2 versions 1.98 to version 2.02.
This rescue shell allows unauthenticated access to a computer and the ability to load another environment.
From this shell, any potential attacker could gain access to all the data on a Linux computer, and can misuse it to steal or delete all the data, or install persistent malware or rootkit, according to researchers Ismael Ripoll and Hector Marco, who published their research on Tuesday.
According to Ripoll and Marco, the Grub vulnerability affects Linux systems from December 2009 to the present date. They have stated that even some older Linux PCs may be affected by this bug.
Patch
The good news is the researchers have made an emergency patch to fix the Grub2 vulnerability. So if you are a Linux user and worried your system might be vulnerable, you can apply this emergency patch, available here.
Most people don’t use a grub or a bios password anyway. Only data encryption works against physical access.
well which linux version i tried on 15.04 nothing happens
Nothing happens because you are an amateur!
Linux doesn’t have a version 15.04. That might be a ubuntu or fedora release, but not linux. Linux is only just recently making version 4
thanks great
Wow that’s a great finding.. And what about other boot loaders.. !! Grub…..Linux …!!! ?
I can just imagine how this was discovered. Perhaps out of pure boredom, or maybe frustration, someone taps the backspace button 28 times while a computer is booting up? LOL. And would a hacker really have tried that?