https://blog.clickomania.ch/2025/11/21/die-schoensten-bezeichnungen-aus-der-it-sicherheit/ #clickomaniach
Ubuntu Security Flaw Lets Attackers Bypass Full Disk Encryption
#OMGUbuntu article: https://www.omgubuntu.co.uk/2025/07/ubuntu-security-initramfs-bypass-encryption
“Not all #Linux distributions are affected, such as #OpenSUSE_Tumbleweed.”
“#Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong #decryption #password several times in a row. On Ubuntu, they hit esc at the password prompt, punch in a few key combos and debug shell appears.
They can mount a USB drive with tools that let them modify the #initramfs (Initial RAM Filesystem – a temporary system run during boot to prep the main OS) to inject #maliciouscode, and then repack it – without tripping any #security flags.
Then, the next time the owner boots up their #laptop and enters their correct password, the code runs with elevated privileges to do whatever the #attacker wants.”
“Impactful though this exploit could be in the wild, there is no reason for most #Ubuntu users to be concerned about it.
This #vulnerability is what the security industry refer to as an '#evilmaidattack': it requires physical access to a #device to pull off.”
“Finally, protecting against this #vulnerability is easy. Users can simply tweak their system #kernel so that the #computer #reboots on failed password attempts, instead of providing a #debug shell.”
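A way to check for the mitigation quoted above, as an added example that is not part of the post or the linked article: a shell function that reads a kernel command line and reports whether the initramfs debug shell is still reachable. The parameter names (`panic=` for initramfs-tools, `rd.shell=0` for dracut) are assumptions taken from the initramfs-tools(7) and dracut.cmdline(7) manual pages, since the post names no parameter; the sample command lines are constructed.

```shell
#!/bin/sh
# Added example, not from the quoted article. Assumed semantics:
#   initramfs-tools: any non-empty panic= value disables the debug shell
#   dracut:          rd.shell=0 disables the emergency shell
# When a parameter is repeated, the last occurrence is treated as effective.

# shell_status GENERATOR CMDLINE -> prints "disabled" or "reachable"
shell_status() {
    generator=$1
    panic_val=""
    rd_shell=""
    set -f                          # no glob expansion while word-splitting
    for arg in $2; do
        case $arg in
            panic=*)    panic_val=${arg#panic=} ;;
            rd.shell=*) rd_shell=${arg#rd.shell=} ;;
            rd.shell)   rd_shell=1 ;;
        esac
    done
    set +f
    if [ "$generator" = initramfs-tools ]; then
        if [ -n "$panic_val" ]; then echo disabled; else echo reachable; fi
    elif [ "$generator" = dracut ]; then
        if [ "$rd_shell" = 0 ]; then echo disabled; else echo reachable; fi
    else
        echo "unknown generator: $generator" >&2
        return 2
    fi
}

# Constructed sample command lines (not captured from a real system).
default_cmdline='BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro quiet splash'
hardened_cmdline="$default_cmdline panic=0"

echo "default:  $(shell_status initramfs-tools "$default_cmdline")"
echo "hardened: $(shell_status initramfs-tools "$hardened_cmdline")"

# On a running system, check the live value instead:
#   shell_status initramfs-tools "$(cat /proc/cmdline)"
```

The check covers only the boot parameter; it says nothing about whether the initramfs on disk has already been modified.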
@lzg I think everyone knows better than to leave you alone with a laptop #evilmaidattack
#infosec
The #SANS_ISC has a new diary entry about simple steps to prepare against an #EvilMaidAttack:
https://isc.sans.edu/diary/rss/29256
I always liked the idea with the glitter nail polish, but never implemented it. I bet it will lead to interesting discussions if someone notices the colored spots on the underside of your laptop. 😄
And I should definitely play around with #QubesOS.