Hackers in Spain have discovered a very simple way to hack Linux-run computers, particularly for builds that use Grub2 bootloader. It does not need much technical knowledge but only involves pressing a key several times.
It only involves hitting the backspace key 28 times consecutively, according to the team from the Cybersecurity Group at the Polytechnic University of Valencia. Doing that would bypass the lockscreen, initiate the Grub shell rescue and gives the hacker access to the system.
Engadget explains that hitting the backspace triggers a memory error and launches the rescue shell. However, it also points out that the bug is not a major threat because it requires the hacker to have physical access to the machine it is hacking.
Researchers Hector Marco and Ismael Ripoli stress that the backspace must be hit exactly 28 times which returns the value needed to trigger the error. "The number of backspaces hit was the only input controllable by the user to cause different manifestations of the error," Motherboard quotes Marco.
The two warn that spies could exploit the bug to install malware on a Linux computer to filch data. By installing persistent malware on the machine, it would survive reboots and new installs.
The team adds that they have made an emergency patch to protect Linux system users who could also install patches released by Debian, Red Hat and Ubuntu. They stress that the bug has limited impact since physical access to the machine is required. Nevertheless, "it's a good reminder that computer systems are sometimes vulnerable to silly bugs like this," says the Spanish team.