Canonical 'unlikely' to fix bug that allows hackers to bypass Ubuntu's lock screen

Date: 2018-07-10

OPEN SOURCE OS Ubuntu has a bug that allows anyone to bypass a machine's lock screen, providing they have physical access to the computer's hard drive.

Real-world hackers can simply remove the hard drive of a machine they want access to, providing it's running Ubuntu 16.04.4, and then skip straight past the lock screen.

It's a simple-sounding hack and works by exploiting a bug in how the system stores data when Ubuntu is suspended in low-power mode.

According to an Ubuntu Launchpad forum discussion on the subject, a hacker can open some applications in Ubuntu, such as LibreOffice or the browser, and put the machine in 'suspend mode', whereby it writes the last state of the machine into memory. From there, the attacker can remove the hard drive and unsuspend the system; when that happens they'll be presented with a lock screen that will accept any password.

The technique doesn't work every time and sometimes a random password won't be accepted. In that case, fast pressing the shutdown button grants access. If Ubuntu doesn't end up showing a lock screen then the process can be repeated until it does.

While Ubuntu 16.04.4 seems to be suffering the most from the bug, other versions of the operating system also have the same issue.

One forum user, Marc Deslauriers, who it turns out is a security engineer at Canonical, noted that the bug is unlikely to get a fix.

"We're unlikely to fix this, since having physical access means an attacker could simply access the hard disk directly or replace the password on it and unlock the computer," he explained.

So while a hacker could access sensitive data by exploiting this bug, said hacker would need to already be in a position to cause security problems in the first place. This bug is nothing like the severe macOS High Sierra password palaver that cropped up last year.

Still, it's worth bearing that in mind if you're an Ubuntu user and Adam from accounts is sniffing around your machine in a questionably sly fashion. µ