Linux Grub2 Bootloader Bug Is A Threat To Bitcoin Companies

For many years, a lot of people assumed Linux was one of the most secure operating systems in the world. Due to its smaller market share, and completely different codebase from Windows, Linux has been rather safe from major viruses and malware. However, there is one simple exploit that lets an assailant breach a Linux machine by pressing the backspace key 28 times in a row.

Robust Linux Developers Missed One Critical Grub2 Security Flaw

Two Spanish security researchers discovered this strange – and very unusual – Linux bug by tapping a specific key more than once in quick succession. Unlike in most cases where computers are involved, smashing the same button worked for once, and let the researchers log in to nearly any Linux machine without too much trouble.

Granted, one would need physical access to the Linux computer before being able to access it, or, at least, have some remote connection to the device. All it takes is hitting the backspace key 28 times in succession, and Linux will let anyone log in without asking for further information or validation.

The bug itself can be found in the Grub2 bootloader, and was an unknown exploit until very recently. Instead of entering a username, repeatedly tapping the backspace key will return the “Grub rescue shell”, which gives full access to the computer. Assailants could then install malware, access any of the computer’s data, or do anything else nefarious.

But there is good news to report as well, as the two Spanish security researchers have released an emergency patch to address this issue. In addition, Ubuntu, Debian, and Red Hat have all released individual security patches as well. Linux users are advised to install this Grub2 patch as soon as possible.

It is not often that computers running Linux are vulnerable to any sort of threat on a software level, but that doesn’t mean physical computer security should be overlooked. Never leave a device unattended, especially in public places where just about anything could happen in the blink of an eye.

A Lot of Bitcoin Companies Use Linux

Many companies in the financial industry use the Linux operating system on various machines. This vulnerability could have major implications for them, as well as Bitcoin users and companies, as Linux is quite popular among this crowd. All Bitcoin users should ensure the Grub2 emergency patch is installed as soon as possible.

Even users who run an AWS server for any type of Bitcoin-related project should take the necessary steps to prevent any harm coming to their cloud machines. Applying this critical update shouldn’t take all that long, and on apt-based distros such as Debian and Ubuntu, running “apt-get update” followed by “apt-get upgrade” will do the trick.

Source: Lifehacker

Images courtesy of Shutterstock, Security India, AskUbuntu

Jp Buntinx

JP Buntinx is a freelance Bitcoin writer and Bitcoin journalist for various digital currency news outlets around the world. In addition, Jean-Pierre is an active member of the Belgian Bitcoin Association, and occasionally attends various Bitcoin Meetups in Ghent and Brussels.

  • barrystyle

    so tapping backspace 28 times will allow you to bypass the password protection on the bootloader – where your encrypted ext filesystem will just let them slide straight on in – even in single user mode? grub is a boot loader, not a login shell. get real.

  • Anon Wibble

    Yes it’s a pretty tame issue, reminds me of the “linux single” which would boot linux into single user mode.

  • JimboJones007

    How exactly is this an issue for bitcoin companies on AWS? This makes no sense whatsoever.

  • John Hinsdale

    The grub bug only compromises the system in a physical-access situation when you can just boot to single-user anyway and go hog wild. And what is specific to Bitcoin? This is the dumbest article I’ve read in a long time.