A newly discovered, rudimentary Linux exploit -- which only requires hackers to press the backspace key repeatedly -- could spell big trouble for certain users
A crucial flaw has been found in a number of Linux based software distributions that allows hackers to jump through security measures in a method that seems heinously simple: tapping the backspace key 28 times in a row.
According to Engadget, the discovery was made by the Cybersecurity Group at Polytechnic University of Valencia (UPV) in Spain. The team stumbled across this strange backdoor measure while testing the security of the Grub2 bootloader, which is commonly found in a large majority of Linux based operating systems.
Hitting the backspace key 28 times in a row immediately bypasses the lock screen and allows users to access anything in the system from there.
While presumably intended to be used by the owner of the system for things like maintenance and diagnostics information — officially, hitting backspace 28 times takes the user to a “rescue shell,” which grants this information under the pretense that there is something in the system that needs rescuing — it comes across as a disturbing security error.
However, although this exploit presents security consequences, a hacker would have to physically access the machine they are intending to hack in order to gain access to this information. This is not something that is achievable over the internet.
Linux distributors Ubuntu, Red Hat, and Debian have released patches which address this issue.
The second-to-last paragraph glosses over the real issue.
Any sysadmin will tell you, “If you don’t have physical security, you don’t have security PERIOD.” There are so many ways to get into a computer, regardless of the OS, that you can do if you have physical access to it, like plugging in a USB stick with Knoppix on it and power-cycling the box. The first thing you do if you need to have a secure network is restrict physical access to the equipment.