ubuntu-16-10-yakkety-yak-installation-screenshot-3

Short Bytes: Due to a flaw in the Cryptsetup encryption utility, a hacker can get access to the root shell by holding down the Enter key for 70 seconds on a Linux system. While the attacker can’t access the encrypted files directly, he/she can copy, destroy, or modify the contents of the hard disk. This loophole can be fixed by applying patches or adding few lines of code to the boot configuration.

This month should be named the “hacked in seconds month”. After witnessing Microsoft Edge being hacked in 18 seconds at PwnFest, we came across the crippling of Pixel, Safari, and Adobe Flash. Now, it’s time to shift our gaze to the world of open source and Linux.

Due to a flaw in the implementation of Cryptsetup utility, used for encrypting hard drives via Linux Unified Key Setup (LUKS), an attacker can gain access to Linux root shell by holding down the enter key for 70 seconds. Cryptsetup file is affected by a design error that allows one to retry passwords various times.

Once the attacker has used up all the 93 password attempts, he/she gets to access a shell, Busybox in Ubuntu, with root permissions. In other words, if a user holds down the Enter key for about 70 seconds (or enters a blank password 93 times), he/she can get access to root initramfs (initial RAM file system) shell.

This fault is exposed by the same hacker that found a way to break a Linux machine by hitting backspace key 28 times.

While this attack doesn’t give access to the contents of the encrypted drive, with the help of this attack, a hacker can copy, destroy, or modify the contents of the hard disk. Moreover, he/she can set up the machine to leak data. This scenario is very dangerous in ATMs, labs, airport machines, etc. where the boot process is secured and one can access a mouse and a keyboard.

Apart from the physical machines, one can also exploit this flaw remotely and hack the cloud-based Linux services. This flaw has been confirmed to affect Ubuntu, Fedora, Debian, and many other Linux distros.

How to fix 70 seconds Linux root shell hack?

You need to check if your partitions are encrypted using LUKS. To do this, run the following command:

dmsetup status | awk ‘BEGIN {FS=”:”} ; /crypt\s*$/ {print “Encrypted: ” $1}’

This command will show you the names of encrypted partitions. If you don’t see any partition in the list, you’re safe. If you’re affected, you can look up for a patch from your Linux distribution vendor. If there’s no patch, you need to add the following lines to your boot configuration:

sed -i ‘s/GRUB_CMDLINE_LINUX_DEFAULT=”/GRUB_CMDLINE_LINUX_DEFAULT=”panic=5 /’ /etc/default/grub grub-install

For detailed information, you can visit Hector Marco’s website.

Also Read: What Is The Difference Between Sudo And Su In Linux?

Did you find this article interesting? Don’t forget to drop your feedback in the comments section below.