Linux was hacked by pressing Backspace key 28 times

Many believe that the Linux Operating System is one of the most reliable available for PC systems, however, recently some critical security vulnerability was found. Researchers have discovered unusual security vulnerability in the Linux-loader Grub2. It allows user to enter in an emergency console boot after just pressing backspace key 28 times.

28 hits on backspace key and you can log into emergency console of the Linux loader Grub2, bypassing any password protection. This unusual hack found researchers Hector Marco and Ismael Ripoll from the Polytechnic University of Valencia in Spain.


Grub2 used to load the operating system kernel and it is used in most of distributions of Linux, including Ubuntu. According to Hector Marco, the number of vulnerable systems is impossible to count.

Vulnerable versions of Ubuntu

This vulnerability affects all supported Ubuntu distributions, including Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS and Ubuntu 12.04 LTS and also derivative – reported by Canonical Company, which is dedicated to the development of Ubuntu. This vulnerability contains in Grub2 versions since 1.98 that was released in December 2009 and ending with 2.02, released in December 2015.

Nature of the error

After gaining access to the emergency console of Grub2, hackers can easily change their privileges in the system and gain access to all the information. Cyber criminals can easily install malicious software, steal or destroy data and also erase the Grub2 bootloader, which will lead into system failure.


According to the researchers, after hitting backspace key for 28 times, system memory returns error type Off-by-two or Out of bounds overwrite, resulting in the launch of an emergency console. The error lies in the fact that Grub2 incorrectly handles backspace key.

How to fix this vulnerability

The researchers presented their own fix for the detected problem. The patch was also published in the main loader repository. Developers of Ubuntu, Red Hat, Gentoo and Debian also reacted quickly and have already released a patch for this bug.

As you can see there are no hundred percent secure systems and the human factor has not been canceled. That’s why we always recommend to do backups of the most important personal information and store it on external hard drives.

Information added: 12/23/2015 06:26 PM;