Hack Into a Linux System by Pressing Backspace 28 Times

If you’re trying to steal someone’s files from his or her computer, getting past the login screen can be hard, if not impossible. But thanks to a bizarre bug in several distributions of Linux, all you need is to hit the backspace key 28 times.

Hitting a key over and over again actually works for once. Two security researchers in Spain recently uncovered a strange bug that will let you into most Linux machines just by hitting the backspace key 28 times. Here’s how to fix it and keep your data protected.

”The number of backspaces hits was the only input controllable by the user to cause different manifestations of the error.”

The researchers, Hector Marco and Ismael Ripoll from the Cybersecurity Group at Polytechnic University of Valencia, found that it’s possible to bypass all security of a locked-down Linux machine by exploiting a bug in the Grub2 bootloader. Essentially, hitting backspace 28 times when the machine asks for your username accesses the “Grub rescue shell,” and once there, you can access the computer’s data or install malware. Fortunately, Marco and Ripoll have made an emergency patch to fix the Grub2 vulnerability. Ubuntu, Red Hat, and Debian have all issued patches to fix it as well.

Linux is often thought of as a super secure operating system, but this is a good reminder to take physical security just as seriously as network security (if not more). Take extra care when your machine is around people you don’t know, especially if your system has sensitive data on it.