Two security researchers from the Cybersecurity Group at the Polytechnic University of Valencia (UPV) in Spain discovered a vulnerability in Grub2, a popular Linux bootloader, that can be triggered by pressing the backspace button exactly 28 times.
On vulnerable systems, this key combo will open a Grub rescue shell, giving an attacker the power to perform tasks like stealing data or installing malware. One major catch though is that the attacker needs physical access to the vulnerable Linux PC. Furthermore, Grub 2's password protection needs to be activated, and this is a feature that's not widely used, so the impact is quite limited.
The duo released a patch for the vulnerability and Ubuntu, Red Hat and Debian all have released fixes too.
”It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue,” Dan Guido, the founder of security firm Trail of Bits, told Motherboard.
The researchers speculate that such a bug could be used by spies to install malware on a target’s computer to steal his or her files. The spies could install persistent malware on the machine that survives reboots and even new installs.