Jump to content

Check us out:

Photo
- - - - -

Ubuntu bug allows anyone with physical access to bypass your lock screen

ubuntu

  • Please log in to reply
1 reply to this topic

#1
Falkes

Falkes
  • Tb:30445
  • Discord:Falkes#6861
  • Gender:Male
  • Location:Paris/France
  • Server:Bunker #4
Click to view battle stats

gallery_328_43_4.jpg

A bug filed on Ubuntu Launchpad in the middle of June has just been made public. The bug in question appears to allow anyone with physical access to the computer bypass the lock screen by just removing the hard drive. The bug was tested on Ubuntu 16.04.4 and it’s unclear whether it affects other versions of Ubuntu or other distributions but there’s an almost certain chance it affects other distributions based on Ubuntu 16.04, such as Linux Mint 18.

The attack works in the following way, a user boots into Linux and opens up their programs and files, then the machine is suspended and it goes into low power mode and writes the state of the machine to memory. At this point an attacker can remove the hard drive and wake up the system; now they’ll either see the lock screen and be able to enter any password to gain access. They might try the password and be denied access at which point they can fast press the hardware shut down button and gain access, or no lock screen will appear but instead the screen will be black and the previous steps can be attempted.

Discussing the bug, Marc Deslauriers a security engineer at Canonical said:

“We're unlikely to fix this, since having physical access means an attacker could simply access the hard disk directly or replace the password on it and unlock the computer.”

Another user suggested that the screensaver software could handle the problem:

“I believe that screensaver should handle exceptions in the underlying libraries in such a way to prevent unauthorized access even if underlying library is faulty.”

If it’s the case that the screensaver package can be updated to fix the issue, a fix might be able to be applied upstream as it is used in Debian too.


  • Screwloose likes this

#2
Screwloose

Screwloose

    Will Become Famous Soon Enough

  • Old retired farts
  • 1,558 posts
  • Gender:Male
  • Location:Sewers of NYC
  • Server:Bunker #1
Click to view battle stats

Great Info Thanks  Falkes

 

Salut!!







Also tagged with one or more of these keywords: ubuntu