There’s a simple way to hijack a locked-down computer running the Linux operating system. Thanks to the Grub2 bootloader flaw, pressing a certain key on the keyboard 28 times will let an intruder bypass the password.
The flaw is in GRUB, that bootloader that nearly all Linux distributions use to boot up. According to security researchers Hector Marco & Ismael Ripoll an “incalculable number of devices” are affected by this problem.
Once an attacker gets past the password, they’ll have full access to everything on the PC, just as if they were an admin. The attacker can also copy all of the data or install malware as well as destroy your data.
Using this flaw, the researchers were able to get into the rescue shell of Linux and deploy Malware.
An emergency patch is available here and individual Linux distributions will likely be coming out with patches of their own to solve the problem.
This probably isn’t a huge problem for home users. Linux-based systems like Ubuntu and Mint are found on only a little more than 1% of home systems. But Linux servers are very popular with businesses and, of course, that’s where the majority of your confidential information is stored.
Someone with bad intentions might easily be able to gain access to bank account, credit card or other important personal information if they can get into systems for banks and other businesses.
For many years it was thought that Linux computers were much safer than Windows machines. But like Macs, they were safer because not very many people were interested in hacking them. As their popularity rises, they become better targets.