Break Into a Linux System by Pressing Backspace 28 Times

HardOCP News

You can break into a system running Linux by pressing backspace 28 times? What? That sounds like something someone would just make up. :eek:

The researchers, Hector Marco and Ismael Ripoll from the Cybersecurity Group at Polytechnic University of Valencia, found that it’s possible to bypass all security of a locked-down Linux machine by exploiting a bug in the Grub2 bootloader. Essentially, hitting backspace 28 times when the machine asks for your username accesses the “Grub rescue shell,” and once there, you can access the computer’s data or install malware.
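Added illustration, not GRUB's code and not part of the original thread: a backspace-triggered bypass like the one reported is what happens when a prompt loop decrements its length counter on backspace without checking that anything is left to erase. The function name `replay_prompt`, the 32-byte buffer and the keystroke input are assumptions made up for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32  /* assumed buffer size for this sketch */

/* Replay keystrokes through a username-prompt loop (illustrative only).
 * guard = 0: backspace always decrements the length (the bug class).
 * guard = 1: backspace on an empty buffer is ignored (the fix).
 * Returns 0 with the name in out[NAME_BUF], or -1 as soon as the
 * length index leaves the buffer; no out-of-bounds write is performed. */
int replay_prompt(const char *keys, size_t nkeys, int guard, char *out)
{
    unsigned cur_len = 0;

    memset(out, 0, NAME_BUF);
    for (size_t i = 0; i < nkeys; i++) {
        if (keys[i] == '\b') {
            if (guard && cur_len == 0)
                continue;            /* nothing to erase */
            cur_len--;               /* unguarded: 0 - 1 wraps around */
            if (cur_len >= NAME_BUF)
                return -1;           /* index now points outside out[] */
            out[cur_len] = '\0';
        } else if (cur_len < NAME_BUF - 1) {
            out[cur_len++] = keys[i];
        }
    }
    return 0;
}

int main(void)
{
    char keys[28], name[NAME_BUF];

    memset(keys, '\b', sizeof keys);  /* constructed input: 28 backspaces */
    printf("unguarded: %d\n", replay_prompt(keys, sizeof keys, 0, name));
    printf("guarded:   %d\n", replay_prompt(keys, sizeof keys, 1, name));
    return 0;
}
```

The guarded variant treats the extra backspaces as no-ops, so the prompt still accepts a normal username afterwards.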
 
Have we dismissed the idea that open source software is secure just because it's open source yet? High-profile bugs that have been in the code for ages like this, or that bash elevation bug kinda drive a truck through that notion.
 
Have we dismissed the idea that open source software is secure just because it's open source yet? High-profile bugs that have been in the code for ages like this, or that bash elevation bug kinda drive a truck through that notion.

Anyone who actually knows what they are talking about never says it's perfectly secure against attacks just because it's open source. They'd say that it's more secure than if it was just a single team of people with eyes on it. And this is a prime example of how that works. It was found by someone outside of the development team, reported to them, patched, and then announced that it was a thing. The way open source works though is that it's hard to get a patch merged in without it drawing the attention of people, which means most fixes wind up being public as soon as they are fixed.

Also, this is a bootloader bypass. I know very few people who use a passworded bootloader. And if someone cared enough to put the password on the bootloader, odds are their data is encrypted, which makes this attack do nothing, as the data isn't going to magically decrypt without a passphrase just because you overflowed an input. If their data isn't encrypted, an attacker could simply boot to DVD/USB, and then access the drive from there anyway. The bootloader is never meant to be a security mechanism.

This is overly sensationalized. This is a nonissue because the data was either accessible anyway through easier means, or the data is still encrypted.
 
Yeah this isn't as much of a Linux exploit as it is a grub exploit. My laptop uses grub, go ahead and do this, cause the rest of it is all encrypted.
 
Have we dismissed the idea that open source software is secure just because it's open source yet? High-profile bugs that have been in the code for ages like this, or that bash elevation bug kinda drive a truck through that notion.

It's not more secure because it's open source. Nobody that has a clue will say that. It is much more transparent when there is a bug. It's also more secure in the sense that you can review and compile the code yourself. Microsoft says there are no backdoors, but how do you really know? Did they give you the code to compile and check? Open source is more secure in that you get to review the code you are running, not that it is guaranteed bug free.
 
You can break into a system running Linux by pressing backspace 28 times? What? That sounds like something someone would just make up. :eek:

The researchers, Hector Marco and Ismael Ripoll from the Cybersecurity Group at Polytechnic University of Valencia, found that it’s possible to bypass all security of a locked-down Linux machine by exploiting a bug in the Grub2 bootloader. Essentially, hitting backspace 28 times when the machine asks for your username accesses the “Grub rescue shell,” and once there, you can access the computer’s data or install malware.

So, if I can sit on the keyboard and press the backspace key 28 times, I can just boot the fucking thing to a thumbdrive and be done with it. Stupid idiots.
 
If you've got keyboard access to my server, I've already lost, end of story.
 
I thought it was up up down down left right left right b a b a select start... Er...;)
 
Anyone who actually knows what they are talking about never says it's perfectly secure against attacks just because it's open source. They'd say that it's more secure than if it was just a single team of people with eyes on it. And this is a prime example of how that works. It was found by someone outside of the development team, reported to them, patched, and then announced that it was a thing. The way open source works though is that it's hard to get a patch merged in without it drawing the attention of people, which means most fixes wind up being public as soon as they are fixed.

Also, this is a bootloader bypass. I know very few people who use a passworded bootloader. And if someone cared enough to put the password on the bootloader, odds are their data is encrypted, which makes this attack do nothing, as the data isn't going to magically decrypt without a passphrase just because you overflowed an input. If their data isn't encrypted, an attacker could simply boot to DVD/USB, and then access the drive from there anyway. The bootloader is never meant to be a security mechanism.

This is overly sensationalized. This is a nonissue because the data was either accessible anyway through easier means, or the data is still encrypted.

If you do that, you steal the data and decrypt it at your leisure. If you're going that far, you will likely have some way of defeating the encryption also.
 
Have we dismissed the idea that open source software is secure just because it's open source yet? High-profile bugs that have been in the code for ages like this, or that bash elevation bug kinda drive a truck through that notion.

Have you forgotten that unencrypted Windows workstations can be owned simply by booting them off a Linux USB stick? This 'bug' is no worse than that.
 
I find these articles genuinely funny. If people had any real idea how many of their devices run off Linux, keep in mind Linux is a kernel, NOT an operating system. Funny fact, I bet most of the devices in your life either are run off a Linux kernel or are directly derived from it, lol. Even your smart coffee maker runs it. Just sayin..... Linux is more secure because it's proven more secure, this silly notion it's "obscure" is honestly a joke. I'd bet there are more Android phones than there are active PCs anymore in the world, guess what, Linux Kernel, as are the majority of datacenter servers. Most governmental data servers, etc etc....

Funny stuff.
 
I find these articles genuinely funny. If people had any real idea how many of their devices run off Linux, keep in mind Linux is a kernel, NOT an operating system. Funny fact, I bet most of the devices in your life either are run off a Linux kernel or are directly derived from it, lol. Even your smart coffee maker runs it. Just sayin..... Linux is more secure because it's proven more secure, this silly notion it's "obscure" is honestly a joke. I'd bet there are more Android phones than there are active PCs anymore in the world, guess what, Linux Kernel, as are the majority of datacenter servers. Most governmental data servers, etc etc....

Funny stuff.

To be honest Android is the Windows of smartphones. No other mobile platform has as much malware and viruses roaming about. But that's due to the flawed distribution models of Google mainly, not the kernel.
 
I find these articles genuinely funny. If people had any real idea how many of their devices run off Linux, keep in mind Linux is a kernel, NOT an operating system. Funny fact, I bet most of the devices in your life either are run off a Linux kernel or are directly derived from it, lol. Even your smart coffee maker runs it. Just sayin..... Linux is more secure because it's proven more secure, this silly notion it's "obscure" is honestly a joke. I'd bet there are more Android phones than there are active PCs anymore in the world, guess what, Linux Kernel, as are the majority of datacenter servers. Most governmental data servers, etc etc....

Funny stuff.

Security by obscurity is a reality in the Linux desktop world. However you define Linux is not relevant regardless.
 
Physical access means you're screwed except if your Hard Drives are encrypted, then you have a small chance of protection depending how determined they are.
 
Physical access will obviate all security.

Exactly. No device is secure if you have physical access (like you would have to be to access the grub screen as they are doing)

I mean seriously, you could just open a box up and grab the hard drive....

No software is immune to vulnerabilities. What is telling here is that most distributions have already patched it as it is being announced. If it were Microsoft it would be addressed next patch Tuesday. Apple wouldn't get around to fixing it for another 6 months.

*nix type systems are the gold standard for security, but even they have flaws sometimes, and when they do they are usually patched immediately when discovered.
 
Zarathustra[H];1042041363 said:
Exactly. No device is secure if you have physical access (like you would have to be to access the grub screen as they are doing)

I mean seriously, you could just open a box up and grab the hard drive....

No software is immune to vulnerabilities. What is telling here is that most distributions have already patched it as it is being announced. If it were Microsoft it would be addressed next patch Tuesday. Apple wouldn't get around to fixing it for another 6 months.

*nix type systems are the gold standard for security, but even they have flaws sometimes, and when they do they are usually patched immediately when discovered.

Not anymore with Microsoft, critical patches would be done quite a bit more quickly now. Also, just because a patch for the vulnerability was released does not mean it will be installed. What is telling is that this vulnerability exists at all because this is a pretty nasty one.

Most servers will not even receive this patch till much later since they are 24/7 boxes most of the time. However, I do appreciate being made aware of this, thanks.
 
Not anymore with Microsoft, critical patches would be done quite a bit more quickly now. Also, just because a patch for the vulnerability was released does not mean it will be installed.

Would you like Windows 10 with your critical update patch? Click "yes" to install now or "tonight" to upgrade overnight.
 
Would you like Windows 10 with your critical update patch? Click "yes" to install now or "tonight" to upgrade overnight.

Well, at least the Microsoft bashing is consistent. :D I run the Pro OS and do not have those issues. Also, I like that the VMware Workstation 12 shuts down all virtual machines through a hibernate type mode when I restart my computer. However, my work machine, also a Windows 10 Pro, has never spontaneously rebooted because of an update. :)

Personally, I have never really liked GRUB but that is the one that won out. (I do not recall the name of the other boot loader that is not available anymore, as far as I know.)
 
It's not more secure because it's open source. Nobody that has a clue will say that. It is much more transparent when there is a bug. It's also more secure in the sense that you can review and compile the code yourself. Microsoft says there are no backdoors, but how do you really know? Did they give you the code to compile and check? Open source is more secure in that you get to review the code you are running, not that it is guaranteed bug free.

The issue is who is reviewing said code and looking for the issues, sometimes no one, hence why OpenSSL had an exploit for how many years that went unnoticed.
 
You also have to be physically present at the machine to do this. At that point, it's already compromised if you're not supposed to be there.
 