Embarrassing Linux Vulnerability Lets You Login Any Computer Pressing Backspace 28 Times

Linux, the purportedly highly-secure operating system that runs everything from computers to the backbone of the Internet has been plagued by an odd and quite simply embarrassing vulnerability.

It seems almost silly to say, but what if you could hijack any Linux operating system by pressing backspace 28 times? No hacking or technicalities needed, just tapping your finger on the key.

A pair of researchers from the University of Valencia have discovered such a flaw, plaguing a high number of various Linux distributions, allowing just about anyone to bypass any form of authentication and just log in as a privileged user, by yes, pressing backspace 28 times.

The issues lie neither in the kernel nor operating system itself but instead stems from a vulnerability within Grub2, or Grand Unified Bootloader, that boots up on Linux systems when they are powered on. The program helps boot up main parts of the OS and even lets you run multiple operating system’s on one machine.

The vulnerability within Grub2 is an integer underflow flaw that was first introduced with single commit released initially in Grub v1.98, which came out December 2009, affecting the grub_password_get() function.

Checking is your Linux system is susceptible

As the flaw is quite simple, it requires literally zero technical skills, meaning even the first time Linux users could check their systems. To check, start by clicking the backspace key 28 times in a row when met with the Grub username prompt during initial boot. This will trigger the “Grub Rescue Shell” which is supported in versions 1.98 through version 2.02.

The rescue shell allows a blatant bypass of any form of authorization, allowing unauthenticated users to load into a stable and working environment.

From that point forward, an attacker could potentially gain access to all the information stored on your hard drive, and even install malware or rootkits, the two researchers Ismael Ripollo and Hector Marco, said in their research published Tuesday.

How to protect your Linux system from this lame flaw

The critical yet rather lame Grub flaw affects Linux systems dating as far back as 2009 all the way up til 2015, and will likely affect outdated distro’s coming into 2016.

Prior to published their news, the two researchers contacted Grub who issued and emergency patch fixing the Grub2 vulnerability. If you’re a Linux user and worried your system may be at risk you can apply the emergency patch from the researchers official website.


Alongside Grub issuing emergency patches, major distributions including Ubuntu, Red Hat, and Debian have also issued emergency patches to their systems, fixing the 28 click backspace flaw.

If you are using a vulnerable operating system, it’s highly advised you install the emergency patches and double check to ensure your system is not vulnerable. After successfully installing the patches, reboot your Linux system and once again try to trigger the “Grub Rescue Shell” by pressing backspace 28 times in a row.

Linux is tough to be a highly-secure operating system, not to say it is insecure, however, this is just another blunt reminder that no matter how secure a system may seem, they could be susceptible to minute yet critical flaws.

Related Posts