Most of the reports we read about hacked operating systems tend to revolve around Microsoft’s Windows or Apple’s OS X. So when a new report emerged suggesting some Linux distros are hackable by simply using the backspace key, that raised my eyebrow. The report claims that most Linux distros can be easily hacked by pressing the backspace key 28 times at login.
Researchers at Polytechnic University of Valencia (UPV) Spain say this hack imitates the GRUB rescue shell giving the hacker full system access, no password required. If you’re not familiar with Linux, it’s probably because it’s never truly caught on as a consumer grade operating system. But Linux is widely used to run many things we as consumers may not see. Telecom companies use Linux, government agencies use Linux, even Google uses Linux (Android and Chrome OS are based on it). So that makes a lot of systems that might be vulnerable.
The vulnerability, known as CVE-2015-8370, is present in all versions of Grub2 from 1.98, which was released in December 2009, to the current 2.02 version. To date, Ubuntu, Red Hat, Debian, and other distributions have released fixes to the bug. Linux users are urged to install any update they receive for grub2 as soon as they see it.
The good news is several Linux distros have already issued a bug fix but Linux comes in hundreds of flavors and hopefully those get patched quickly as well. You can read the entire report from Polytechnic University at the link below, it is quite extensive and in depth.
Are you a Linux user? Have you seen this bug in your distro? Has your distro been patched already? Let us know in the comments below or on Google+, Facebook and Twitter.