For many years, a lot of people assumed Linux was one of the most secure operating systems in the world. Due to its smaller market share, and completely different codebase from Windows, Linux has been rather safe from major virii and malware. However, there is one simple exploit that lets an assailant breach a Linux machine by pressing the backspace 28 times in a row.
Two Spanish security researchers discovered this strange – and very unusual – Linux bug by tapping a specific key more than once in quick succession. Unlike in most cases where computers are involved, smashing the same button worked for once, and let the researchers log in to nearly any Linux machine without too much trouble.
Granted, one would need physical access to the Linux computer before being able to access it, or, at least, have some remote connection to the device. All it takes is hitting the backspace key 28 times in succession, and Linux will let anyone log in without asking for further information or validation.
The bug itself can be found in the Grub2 bootloader, and was an unknown exploit until very recently. Instead of entering a username, repeatedly tapping the backspace key will return the “Grub rescue shell”, which gives full access to the computer. Assailants could then install malware, access any of the computer’s data, or anything else nefarious.
But there is good news to report as well, as the two Spanish security researchers have released an emergency patch to address this issue. In addition, Ubuntu, Debian, and Red Hat have all released individual security patches as well. Linux users are advised to install this Grub2 patch as soon as possible.
It does not happen often computers running Linux are vulnerable to any sort of threat on a software level, but that doesn’t mean physical computer security should be overlooked. Never leave a device unattended, especially when one is in public places where just about anything could happen in the blink of an eye.
Many companies in the financial industry use the Linux operating system on various machines. This vulnerability could have major implications for them, as well as Bitcoin users and companies, as Linux is quite popular among this crowd. All Bitcoin users should ensure the Grub2 emergency patch is installed as soon as possible.
Even users who run an AWS server for any type of Bitcoin-related project should take the necessary steps to prevent any harm coming to their cloud machines. Applying this critical update shouldn’t take all that long, and if one uses any of the major Linux distros, just an “apt-get install update” will do the trick.
What are your thoughts on this Linux vulnerability? Have you updated your machine(s) yet? Let us know in the comments below!
Images courtesy of Shutterstock, Security India, AskUbuntu
1 Hova Villas Brighton & Hove
BN3 3DH United Kingdom
All rights reserved by Bitcoinist Ltd. | 2016.