According to their father, the kids were able to bypass the Linux Mint screensaver lock not once but twice.
Leaving your children or for the matter, any children alone with your computer is a nightmare, to say the least. But that’s exactly what a father did when his children wanted to hack into his computer.
Leaving them alone with a locked screensaver on Linux Mint, he discovered later on that the children through their unmatched passion for randomly clicking every key and moving the mouse on the machine’s virtual keyboard had actually broken through the locked screensaver and unlocked it.
This could potentially allow an attacker to gain access to a Linux computer if they gain physical access to it or your device got stolen unless you are using BusKill USB.
With the father’s Github name Robo2bobo; the bug report was published on the open-source repository stating:
A few weeks ago, my kids wanted to hack my linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play… when the screensaver core dumped and they actually hacked their way in! wow, those little hackers… 🐈
I thought it was a unique incident, but they managed to do it a second time. So I’d consider this issue… reproducible… by kids 😄
I tried to recreate the crash on my own with no success, maybe because it required more than 4 little hands typing and using the mouse on the virtual keyboard.
On the other hand, another user below commented that his kids too had come across a similar discovery. The versions infected include different Linux distributions that are running anything beyond or Cinnamon 4.2:
The author himself has stated that the issue has been reproduced in Mint 18.3,19.3 and 20. Furthermore, it is important to remember that the presence of a virtual keyboard named “libcaribou” is also necessary for this to work.
For the future, if you have any version that could have been affected, luckily a patch is available to help give you peace. On the other hand, there is a lively discussion going on now contesting the mere presence of the on-screen keyboard component and we’re yet to see if it will continue in future Linux versions or not.