Ubuntu local Authorization Bypass Bug provavelmente para nunca ser resolvido?

foi apenas relatado que um bug arquivado em Ubuntu Launchpad (dubbed Local authorization bypass by using suspend mode) about a month ago has been confirmado by several users. The bug allows an individual with physical access to a machine to evade the lock screen simply by removing its hard drive.

The bug could allow access to the latest user opened applications which are highly likely to contain sensitive details such as documents, all sorts of private information, senhas.

Pelo visto, as reported on Ubuntu Launchpad, the bug has been tested on the following:

  • Ubuntu 14.04
  • Ubuntu 16.04
  • Ubuntu 16.10
  • Ubuntu 17.04

It has been confirmed that the bug affects all of the above-mentioned versions. It is still not known whether it affects other versions of Ubuntu as well as other distros. Contudo, experts suspect that the bug may compromise other distributions that are based on Ubuntu 16.04, like Linux Mint 18. One user has confirmed that the bug also affects Mate 18.04.

How is an attack based on this bug possible?

As explained in the bug description:

1. open some applications (LibreOffice, navegadores, editors, …)
2. go to suspend mode
3. extract hard drive
4. wake up
5. after that can be several behaviors:
* Ubuntu show lock screen. Enter ANY password -> access granted.
* Ubuntu show lock screen. Enter ANY password, access denied. Fast press the hardware shutdown button -> access granted.
* Ubuntu does not show lock screen, only black screen. We can repeat actions like in previous paragraphs

Attackers may also try the password and be denied access. In case this happens, they can fast press the hardware shut down button and obtain access nonetheless. Another possible scenario is that no lock screen appears but instead the screen goes black in which case the steps described above can still be put into motion.

Marc Deslauriers, a security engineer at Canonical, acredita this bug will most likely never be fixed simply because having physical access means an attacker could access the hard disk directly or replace the password on it and unlock the machine anyway.

Contudo, an Ubuntu user has pointed out that the screensaver software could handle the issue to prevent unauthorized access. “I believe that screensaver should handle exceptions in the underlying libraries in such a way to prevent unauthorized access even if underlying library is faulty,” the user said.

Another user underlined thatthe system must not give an access to the system with wrong passwords“, asking Ubuntu developers topay attention” e “don’t ignore the issue“.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum desde o início. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar