DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
August 5, 2020 
Main Menu
News archives

Who's Online
There are currently 89 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Grub2 bootloader can be hacked by pressing backspace 28 times

Posted on Friday, December 18 2015 @ 23:07:10 CET by

Two security researchers from the Cybersecurity Group at the Polytechnic University of Valencia (UPV) in Spain discovered a vulnerability in Grub2, a popular Linux bootloader, that can be triggered by pressing the backspace button exactly 28 times.

On vulnerable systems, this key combo will open a Grub rescue shell, giving an attacker the power to perform tasks like stealing data or installing malware. One major catch though is that the attacker needs physical access to the vulnerable Linux PC. Furthermore, Grub 2's password protection needs to be activated, and this is a feature that's not widely used, so the impact is quite limited.

The duo released a patch for the vulnerability and Ubuntu, Red Hat and Debian all have released fixes too.
”It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue,” Dan Guido, the founder of security firm Trail of Bits, told Motherboard.

The researchers speculate that such a bug could be used by spies to install malware on a target’s computer to steal his or her files. The spies could install persistent malware on the machine that survives reboots and even new installs.
Via: Vice



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba