You Can Enter a Linux System by Pressing the Backspace Key 28 Times. Here’s How to Fix It
Hitting a key over and over actually works, for once. Two security researchers in Spain recently discovered a strange bug that lets you log in to most Linux computers by simply pressing the Backspace key 28 times. Here’s how to fix it and protect your data.
Researchers Hector Marco and Ismael Ripoll of the cybersecurity team at the Polytechnic University of Valencia have discovered that a bug in the Grub2 bootloader makes it possible to bypass all security on a locked Linux machine. Basically, pressing Backspace 28 times when the machine asks for your username launches the “Grub recovery shell”, and from there anyone at the keyboard can access the computer’s data or install malware. Luckily, Marco and Ripoll have written an emergency patch to fix the Grub2 vulnerability. Ubuntu, Red Hat and Debian have released patches to fix this as well.
Linux is often considered an ultra-secure operating system, but this is a good reminder to take physical security just as seriously as network security (if not more). Be especially careful when people you don’t know have access to your computer, particularly if your system contains sensitive data.
Back to 28: 0 Day Grub2 Authentication | Hector Marco and Ismael Ripoll via motherboard