Update if you're not using the latest version of Ubuntu - someone could skip your lock screen

Ubuntu lock screen

I have always found "funny", in quotes, those viral videos that show how to skip the lock screen of an Android or iOS phone without using the password, which in English is known as a "bypass". The dance of touches and steps involved suggests how much time people have to do "nonsense." It is also possible that they achieved this by analyzing the code and finding certain bugs. However it was discovered, there was a similar flaw in Ubuntu, specifically in Groovy Gorilla and Focal Fossa.

The bug appears on Canonical's security website as USN-4958-1, and the description at the beginning does not set off any alarms: applications that use Caribou will close unexpectedly if given specially crafted input. But what is Caribou? What is the problem if I never use it? As we read on the official software page, it is basically a virtual keyboard. The reason a flaw in it is serious is that it appears on the lock screen.

Caribou can allow an Ubuntu lock screen bypass

What is a little scarier is reading the "Details" section:

The Caribou on-screen keyboard was found to be able to crash when given certain input values. An attacker could use this to bypass screen lock apps that support using Caribou as an input mechanism.

The solution is simple: anyone using Ubuntu 20.10 or Ubuntu 20.04 just has to launch the software center and apply the updates, accept the notification that says updates are available, or open a terminal and run sudo apt update && sudo apt upgrade. In any of these cases, an updated Caribou that is no longer affected will be installed. It is not a bug that anyone can exploit, but it is worth fixing as soon as possible.
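
To confirm the update actually landed, here is a shell check added as an example (it is not from the article or from Canonical). It reports whether the release is one of the two named above, whether a Caribou package is installed, and whether an update for it is still pending. Matching packages by the substring "caribou" is an assumption, and the sample input with its version strings is constructed.

```bash
#!/bin/sh
# Added example. Matching packages by the substring "caribou" is an assumption;
# the article names the software, not its package names.

# Succeeds if VERSION_ID ($1) is one of the two releases the article names.
affected_release() {
    case "$1" in 20.04|20.10) return 0 ;; *) return 1 ;; esac
}

# stdin: dpkg-query -W -f='${Package} ${Version} ${db:Status-Abbrev}\n'
# stdout: "name version" for fully installed ("ii") caribou packages only.
installed_caribou() {
    awk '$1 ~ /caribou/ && $3 ~ /^ii/ { print $1, $2 }'
}

# stdin: `apt list --upgradable`; stdout: caribou packages still pending.
pending_caribou() {
    awk -F/ '$1 ~ /caribou/ && /upgradable from:/ { print $1 }'
}

# $1 = VERSION_ID, $2 = dpkg-query output, $3 = apt list output
caribou_verdict() {
    affected_release "$1" || { echo "release-not-listed"; return; }
    inst=$(printf '%s\n' "$2" | installed_caribou)
    [ -n "$inst" ] || { echo "not-installed"; return; }
    pend=$(printf '%s\n' "$3" | pending_caribou)
    if [ -n "$pend" ]; then echo "update-pending"; else echo "up-to-date"; fi
}

# Live check; needs dpkg/apt, so it is defined here but not called.
check_live() {
    . /etc/os-release
    caribou_verdict "$VERSION_ID" \
        "$(dpkg-query -W -f='${Package} ${Version} ${db:Status-Abbrev}\n')" \
        "$(LC_ALL=C apt list --upgradable 2>/dev/null)"
}

# Constructed sample input; version strings are placeholders, not real ones.
SAMPLE_DPKG='caribou 1.0-old ii
libcaribou0 1.0-old ii
bash 1.0 ii'
SAMPLE_APT='Listing...
caribou/focal-security 1.0-new amd64 [upgradable from: 1.0-old]'
caribou_verdict 20.04 "$SAMPLE_DPKG" "$SAMPLE_APT"
```

Run sudo apt update before calling check_live, because apt list --upgradable only reflects the locally cached package index.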

