In a recently published paper, two researchers from the Cybersecurity Group at the Polytechnic University of Valencia in Spain have reported the discovery of a brand-new security bug in the Linux operating system. After you’ve tapped backspace for the 28th time (on an affected system), you’ll gain access to the rescue shell-giving you a lot more power over the system than you previously had.
Linux has serious flaw in its Grub bootloader which could let hackers access a locked machine.
That action allows malicious user access to all your data because it initiates Grub Rescue Shell, a secondary interface, originally created to fix various problems.
Right after the Chrysler hack, many security researchers came forward with cars having issues that can allow anyone to hack and remotely control the vehicle.
However, on the flip side, a perfectly secure software is a myth. No computer program ever made is free from the bugs, which can be executed to bring harm, it is only a matter of time when the security researchers or bad guys find them. All you have to do is hit the backspace key enough times, something on the order of 28. Attackers can overwrite the disk, causing denial of service.
The researchers told Motherboard that after studying the underlying code of the bootloader, they found that “the number of backspaces hits” to be the “only input controllable by the user to cause different manifestations of the error”.
When a computer is turned on, the bootloader loads first and then the operating system. It’s not a problem that Ubuntu, Red Hat, and Debian users need to worry about too much as patches have already been issued, and users of other distros can make use of an emergency patch in the Grub2 git repository.
The researchers Hector Marco and Ismael Ripoll noted that once the rescue shell is loaded, an intruder may steal any data or even delete the entire filesystem.