We have seen plenty of hacking at PwnFest: Microsoft Edge was hacked in 18 seconds, and at the same event Google’s new Pixel smartphone fell in 60 seconds. Now it is time to shift our gaze to the world of open source and Linux.
An attacker can bypass the authentication step on affected Linux systems simply by holding down the Enter key for about 70 seconds. Bypassing that step drops the attacker into a root shell, which gives complete control over the encrypted Linux machine.
The flaw stems from a vulnerability (CVE-2016-4484) in Cryptsetup, the utility used to encrypt hard drives with LUKS (Linux Unified Key Setup). The affected Cryptsetup script has a design error that allows an attacker to retry the password many times.
The vulnerability was disclosed by the same researcher who earlier found a way to break into a Linux machine by hitting the Backspace key 28 times.
Worse, once all 93 password attempts have been used up, the attacker is dropped into a shell (BusyBox on Ubuntu) with root permissions. In short, holding down the Enter key for about 70 seconds, or entering a blank password 93 times, gives access to a root shell in the initial RAM file system (initramfs).
Security researchers explain that “root initramfs shell on affected systems. The vulnerability is very reliable because it doesn’t depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data. This vulnerability is especially serious in environments like libraries, ATMs, airport machines, labs, etc., where the whole boot process is protected (password in BIOS and GRUB) and we only have a keyboard and/or a mouse.”
Beyond physical machines, an attacker can also use this flaw against cloud-based Linux services. The flaw affects Ubuntu, Fedora, Debian and many other Linux distributions.
Checking whether a system is vulnerable is easy: hold down the Enter key at the LUKS password prompt for about 70 seconds and see whether a shell appears.
If it is vulnerable, check with your Linux distribution’s support vendor whether a patch is available. If none is available yet, add the following to your boot configuration; the panic=5 kernel parameter makes the initramfs reboot after five seconds instead of dropping to a shell when the password attempts are exhausted:
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub
update-grub   # regenerates /boot/grub/grub.cfg so the new parameter is actually used (Fedora: grub2-mkconfig -o /boot/grub2/grub.cfg)
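As an added example (not from the article, and not the cryptsetup or GRUB projects’ own code), the following POSIX shell functions apply the same panic=5 mitigation to a GRUB defaults file without duplicating the parameter if it is already present, and check a kernel command line for a non-zero panic timeout. The function names, the file-path argument and the sample file contents are constructed for the demonstration; on a real system the file is /etc/default/grub, and the boot configuration must be regenerated afterwards as the commands above show.

```shell
#!/bin/sh
# Added example (not the article's or cryptsetup's own code): apply the
# panic=5 mitigation to a GRUB defaults file without duplicating it, and
# check a kernel command line for the parameter. File paths are passed as
# arguments so the functions can be exercised on a constructed copy; on a
# real system the file is /etc/default/grub.

# Succeed if GRUB_CMDLINE_LINUX_DEFAULT in the given file already carries panic=N.
has_panic_param() {
    grep -Eq '^GRUB_CMDLINE_LINUX_DEFAULT="([^"]* )?panic=[0-9]+' "$1"
}

# Prepend panic=<seconds> (default 5) to GRUB_CMDLINE_LINUX_DEFAULT.
# Unlike a bare sed -i, running this twice does not yield "panic=5 panic=5".
add_panic_param() {
    file="$1"
    secs="${2:-5}"
    if has_panic_param "$file"; then
        return 0                      # already mitigated, nothing to do
    fi
    if grep -q '^GRUB_CMDLINE_LINUX_DEFAULT="' "$file"; then
        sed -i.bak "s/^GRUB_CMDLINE_LINUX_DEFAULT=\"/GRUB_CMDLINE_LINUX_DEFAULT=\"panic=$secs /" "$file"
    else
        printf 'GRUB_CMDLINE_LINUX_DEFAULT="panic=%s"\n' "$secs" >> "$file"
    fi
    # On a real system, regenerate the boot configuration afterwards so the
    # change reaches /boot: update-grub (Debian/Ubuntu) or
    # grub2-mkconfig -o /boot/grub2/grub.cfg (Fedora).
}

# Print the value of GRUB_CMDLINE_LINUX_DEFAULT from the given file.
default_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"$/\1/p' "$1"
}

# Succeed if a kernel command line (default: the running kernel's
# /proc/cmdline; pass "-" to read stdin) contains a non-zero panic timeout.
cmdline_mitigated() {
    grep -Eq '(^| )panic=[1-9][0-9]*( |$)' "${1:-/proc/cmdline}"
}

# Demonstration on a constructed copy of a stock Ubuntu-style defaults file.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX=""
EOF
    add_panic_param "$tmp"
    add_panic_param "$tmp"            # second run must be a no-op
    default_cmdline "$tmp"            # prints: panic=5 quiet splash
    rm -f "$tmp" "$tmp.bak"
}

demo
```

The idempotence check matters for configuration management: a plain sed run from a script on every boot or every deploy would keep prepending the parameter, whereas has_panic_param lets the edit be re-run safely. cmdline_mitigated reads /proc/cmdline by default, which is the quickest way to confirm on a running machine that the regenerated configuration actually took effect.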