PwnFest has produced plenty of headline hacks: Microsoft Edge was hacked in 18 seconds, and at the same event Google’s new Pixel smartphone was hacked in 60 seconds. Now it’s time to shift our gaze to the world of open source and Linux.
Hackers can now bypass the authentication procedures on Linux systems by holding down the “Enter” key for 70 seconds. An attacker who bypasses the authentication procedures can gain full access to a Linux root shell, which allows the attacker to gain complete remote control over an encrypted Linux machine.
The flaw stems from a vulnerability (CVE-2016-4484) in the implementation of the Cryptsetup utility, which is used for encrypting hard drives via LUKS (Linux Unified Key Setup). The Cryptsetup file is affected by a design error that allows the attacker to retry passwords many times.
The vulnerability was exposed by the same hacker who found a way to break into a Linux machine by hitting the backspace key 28 times.
The worst part is that once an attacker has used up all 93 password attempts, the attacker gets access to a shell (Busybox in Ubuntu) with root permissions. Put simply, anyone who holds down the Enter key for 70 seconds, or enters a blank password 93 times, gets access to a root initramfs (initial RAM file system) shell.
Security researchers explain that “root initramfs shell on affected systems. The vulnerability is very reliable because it doesn’t depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data. This vulnerability is especially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protected (password in BIOS and GRUB) and we only have a keyboard or/and a mouse.”
Beyond physical machines, an attacker can also use this flaw to hack cloud-based Linux services. The flaw affects Ubuntu, Fedora, Debian and many other Linux distros.
However, this vulnerability is easy to fix. To see if your system is vulnerable, hold down the Enter key for 70 seconds at the LUKS password prompt until a shell appears.
If it is vulnerable, check with your Linux distribution's support vendor to find out whether a patch is available. If it is not available, add the following to your boot configuration:

    sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub
    grub-install
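
The sed command above prepends `panic=5` again on every run and silently does nothing when the variable is missing. The following is an added example, not code from the original article or from the Cryptsetup project, that checks for the parameter first and applies it only once; the function names are hypothetical and GNU sed is assumed.

```shell
#!/bin/sh
# Added example: audit and idempotently apply the article's panic=5 workaround.
# Function names are hypothetical; GNU sed (-i) is assumed.

# Print the value of GRUB_CMDLINE_LINUX_DEFAULT from file $1, quotes stripped.
grub_default_cmdline() {
    sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX_DEFAULT=//p' "$1" \
        | tail -n 1 \
        | sed -e 's/^["'\'']//' -e 's/["'\''][[:space:]]*$//'
}

# Return 0 if the command-line string $1 carries panic=<n> with n > 0.
# panic=0 makes the kernel wait forever on panic, so it does not count.
has_panic_param() {
    case " $1 " in
        *" panic="[1-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Add panic=5 to file $1 only when it is missing.
# Prints "present", "added" or "no-variable"; returns 1 for "no-variable".
ensure_panic() {
    file=$1
    if ! grep -q '^[[:space:]]*GRUB_CMDLINE_LINUX_DEFAULT=' "$file"; then
        echo "no-variable"
        return 1
    fi
    if has_panic_param "$(grub_default_cmdline "$file")"; then
        echo "present"
        return 0
    fi
    cp -p "$file" "$file.bak"   # keep a backup before editing in place
    sed -i 's/^\([[:space:]]*GRUB_CMDLINE_LINUX_DEFAULT=["'\'']\{0,1\}\)/\1panic=5 /' "$file"
    echo "added"
}

# Usage (as root): ensure_panic /etc/default/grub
# Check the running kernel: has_panic_param "$(cat /proc/cmdline)" && echo ok
```

After `ensure_panic` reports "added", run the second command from the article so the new setting takes effect on the next boot.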

Kelvin Alexander
