It was just reported that a bug filed on Ubuntu Launchpad (dubbed Local authorization bypass by using suspend mode) about a month ago has been confirmed by several users. The bug allows an individual with physical access to a machine to evade the lock screen simply by removing its hard drive.
The bug could allow access to the latest user opened applications which are highly likely to contain sensitive details such as documents, all sorts of private information, passwords.
Apparently, as reported on Ubuntu Launchpad, the bug has been tested on the following:
- Ubuntu 14.04
- Ubuntu 16.04
- Ubuntu 16.10
- Ubuntu 17.04
It has been confirmed that the bug affects all of the above-mentioned versions. It is still not known whether it affects other versions of Ubuntu as well as other distros. However, experts suspect that the bug may compromise other distributions that are based on Ubuntu 16.04, like Linux Mint 18. One user has confirmed that the bug also affects Mate 18.04.
How is an attack based on this bug possible?
As explained in the bug description:
1. open some applications (LibreOffice, browsers, editors, …)
2. go to suspend mode
3. extract hard drive
4. wake up
5. after that can be several behaviors:
* Ubuntu show lock screen. Enter ANY password -> access granted.
* Ubuntu show lock screen. Enter ANY password, access denied. Fast press the hardware shutdown button -> access granted.
* Ubuntu does not show lock screen, only black screen. We can repeat actions like in previous paragraphs
Attackers may also try the password and be denied access. In case this happens, they can fast press the hardware shut down button and obtain access nonetheless. Another possible scenario is that no lock screen appears but instead the screen goes black (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/ubuntu-local-authorization-bypass-bug/