LUKS New Vulnerability, Hacking Linux with single Key Press !

 

A new vulnerability has just surfaced that can compromise your Linux system by pressing the Enter key. The issue is available within the Linux Unified Key Setup (LUKS), majorly affecting Debian & Fedora & Ubuntu (Ubuntu is Debian Based) platforms.

penguin-159784_640

Tracked as CVE-2016-4484, the LUKS vulnerability is discovered by Spanish security researcher Hector Marco. It makes the systems vulnerable if there is an encrypted system partition and provides access to root initramfs shell due to an error in the Cryptsetup utility.

Also Check : Ethical Hacking Process

Attackers need to hold down the Enter key for around 70 seconds to skip their repeated password prompts on the system and ultimately gain access to the shell.

Using the security hole, the attackers can copy, modify and destroy the hard disk on your system as well as establish a network to even “exfiltrate” data. The issue is mainly severe if the entire boot process is protected. In other words, if you have password protection in BIOS and GRUB.

 

“An attacker with access to the console of the computer and with the ability to reboot the computer can launch a shell (with root permissions) when he/she is prompted for the password to unlock the system partition,” the researchers explained.

You can fix the issue on your Linux device by disabling its boot sequence when several password guesses are implemented. Also, a panic function can be created to prevent console access. Various Linux-backed Debian distributions have already received the bugfix to patch the serious LUKS vulnerability. However, Canonical is yet to release a similar fix for its Ubuntu platform.

Tahar Amine | TheBlaCkCoDeR | http://www.Th3ProDz.Tk

Manjesh Shetty

Manjesh shetty is  Founder of GOPCSOFT and B.Tech Graduate from Sahyadri College of Engineering. He is Part-time Tech Blogger, Mozillian, Developer by passion, an open source contributor and FOSS enthusiast. His writing and Tech-talks focus has been revolving around Hacking, Techie Tutorials, SEO, computer security.