Attackers with a little more than a minute to spare can get their foot in the door on Linux boxes by holding down the Enter key for 70 seconds – an act that gifts them a root initramfs shell.
The simple exploit, which requires physical access to the system, exists due to a bug in the Linux Unified Key Setup (LUKS) used in popular variations of Linux. With access to an initramfs environment shell, an attacker could then attempt to decrypt the encrypted filesystem by brute-force. The attack also potentially works on virtual Linux boxen in clouds.
Debian and Fedora are confirmed as suffering from this problem.
The problem was identified by Hector Marco, a lecturer at the University of the West of Scotland, together with Polytechnic University of Valencia assistant professor Ismael Ripoll. The pair say the problem does not require particular system configuration and offer the following analysis of the flaw:
This vulnerability allows obtaining a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations.
Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data. This vulnerability is especially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protected (password in BIOS and GRUB) and we only have a keyboard or/and a mouse.