'Press enter key' exploit defeats Linux encryption

Attackers can gain complete remote control over encrypted Linux machines by holding down the enter key, thanks to a critical and easy to exploit vulnerability discovered in the most popular Linux file system encryption platform.

University of the West of Scotland lecturer Hector Marco and Polytechnic University of Valencia assistant professor Ismael Ripoll found vulnerabilities in the way Cryptsetup decrypts systems encrypted using Linux Unified Key Setup (LUKS).

It allows remote attackers to decrypt Linux cloud instances and physical attackers to compromise any affected machine they find.

Attackers need only hold the enter key for 70 seconds to exploit the flaw and gain a root shell.

Marco and Ripoll say the flaw may have been introduced when other security fixes were implemented.

Attackers can copy, modify or destroy the hard disc as well as set up the network to exflitrate data, the pair said.

"This vulnerability is specifically serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protect (password in BIOS and GRUB loader) and we only have a keyboard or/and a mouse," they wrote.

"The direct cause of this vulnerability is the improper checking of the maximum number of passwords, but the bug was probably introduced by the addition of new features -- in this case security features."

The pair say attackers can gain root initramfs shell on vulnerable systems through what they describe as a "very reliable" exploit that does not depend on specific systems or configurations.

Marco and Ripoll have developed a patch and a workaround that will mitigate the attack.

The researchers say the opportunity for in-hand hacking will escalate with the growth of Linux-based internet of things devices. Security industry experts already consider mere physical access to machines akin to complete device compromise thanks to the significantly broadened attack surface offered over remote attacks.