Now You Can Hack Linux System In Just 70 Seconds

Recently Microsoft Edge was hacked in 18 seconds at PwnFest and we witnessed the crippling of Pixel, Safari, and Adobe Flash and now Linux was the target. This month many hacking stories was written about various devices but this one involves an open source operating system that we all are familiar with known as Linux.

Also Read: Mark Zuckerberg’s Pinterest Account Gets Hacked Again

A new hacking news about hacking a Linux running machine in 70 seconds. This happened because of a flaw in the implementation of Cryptsetup utility, that is used for encrypting hard drives via Linux Unified Key Setup (LUKS). With that being said from the recent news a hacker can gain access to the famous and open source operating system Linux in just 70 seconds by just holding down the enter key for 70 seconds.

The main cause of this hack is a Cryptsetup file that is affected by a design error that will allow the attacker to retry passwords several times. It takes about 93 attempts to own any Linux machine and applications like Busybox in Ubuntu, with root permissions. And this flaw was exposed by the same hacker who managed to break into Linux by hitting backspace key 28 times.

With the help of this hack, the attacker can do the following things to a Linux running machine, copy, destroy, or modify the contents of the hard disk. However, the attacker can’t get access to the contents of the encrypted drive. In addition to that, the attacker can leak the data. This hack is very harmful to certain places like ATMs, labs, airport machines because the process of the boot is secured and the attacker can access a mouse and keyboard and get away with the hack.

Also Read: 2017 Will Face Tough Challenges Against Cybersecurity Threats

This is a simple tutorial to fix this 70 seconds hack. Follow the steps below carefully.

Step 1. You need to run the following command:

dmsetup status | awk ‘BEGIN {FS=”:”} ; /crypt\s*$/ {print “Encrypted: ” $1}’

And you need to check if your partitions are encrypted using LUKS.

Step 2. Now this command will give you full information and the names of encrypted partitions. After executing this command if you don’t see any partitions you’re lucky. And if you’re affected then you can look for a patch from your Linux distribution vendor. And if there’s no patch, you can add the following lines to your boot configuration and disable this hack.

sed -i ‘s/GRUB_CMDLINE_LINUX_DEFAULT=”/GRUB_CMDLINE_LINUX_DEFAULT=”panic=5 /’ /etc/default/grub grub-install

Also Read: Be Alert! Android Phones Of These Brand Are Being Tracked By China

If you want a detail information about this issue and solution visit this website here.

2 Comments

  1. Krishna kumar singh November 19, 2016
  2. Imran November 19, 2016

Add Comment