Finding Security Vulnerabilities is Child’s Play

The nightmare scenario of juggling home working at the same time as keeping your children occupied has become a reality for many parents since the start of COVID-19, with the prospect of bored youngsters playing around with their computers a particular cause for headaches. However, a story has recently come to light showing that letting your children loose on your device can have its advantages.

In a bug report published on GitHub, a father going under the name robo2bobo revealed that his two children accidently uncovered a major security weakness on Linux systems, which enabled them to hack into his desktop. This occurred when they typed random keys simultaneously on both the physical and virtual keyboards.

“A few weeks ago, my kids wanted to hack my Linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play...when the screensaver core dumped and they actually hacked their way in!” explained robo2bobo. He added: “I thought it was a unique incident, but they managed to do it a second time.”

After investigating the report, Linux Mint pinpointed the problem; a bug which occurred when users press the ē key on the on-screen keyboard. This can cause the screensaver to crash if the on-screen keyboard is opened from the screensaver. All Linux Mint distributions using a Cinnamon version of 4.2 and later were discovered to be vulnerable to this bypass, which has now been successfully patched.

Had these children not been messing around on their Dad’s computer, this flaw may have been exploited by a malicious actor to access locked desktops. The whole episode shows that, for all the sophisticated techniques and software out there, cybersecurity can sometimes just be child’s play.

What’s Hot on Infosecurity Magazine?