The myth is that if you want a super secure password, you let your cat run over your keyboard.
But, in a recent incident, a security flaw was discovered by two harmless kids by simply mashing the keyboard.
Yes, actually. The GitHub issue was raised a few weeks back and it looks like the Linux Mint team has finally fixed it.
Security flaws can be incredibly stupid and dangerous. Of course, I’m not judging anyone, we are humans after all. But this little incident is quite funny.
Screensaver Lock Bypass Security Flaw
I’m sure many of you must have taunted the kids to try unlocking your computer after you lock it (I did that a lot).
Similarly, two kids of wanted to hack in to their dad’s Linux desktop. Surprisingly, they actually did what they said. They unlocked access to the computer!
The GitHub issue describes this incident as follows:
A few weeks ago, my kids wanted to hack my linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play… when the screensaver core dumped and they actually hacked their way in! wow, those little hackers… 🐈
Well, that’s definitely impressive for starters. But, seriously, what happened here?
As per the description of the issue, when you access the virtual keyboard while your system’s locked, and type at the physical keyboard and virtual keyboard at the same time (as many as keys possible), you can get your way in.
So, mashing the keys crashes the screensaver and lets you in.
It sounds so simple, but you really need to be enthusiastic enough to break in! On a serious note, this was definitely a significant security flaw using a basic mechanism.
Not just limited to the unauthorized access, but after the screensaver crashes, and once you log in, the user will also fail to lock in.
Also, it’s important to note that this was originally reproduced and observed using Fedora 32 but any distribution running Cinnamon 4.2+ was affected with this flaw.
Of course, thanks to the interesting and timely observation by robo2bobo.
Security can be something very complex and yet simple to break sometimes. What do you think? I’m sure there must have been a lot of similar simple security flaws in the past, feel free to let me know your thoughts in the comments blow.