A Couple Of Kids Discovered How To Break And Bypass Linux Mint Screensaver Lock
If you give some kids restricted access to technology, they are bound to find a loophole or bug that lets them do what they want regardless. After being asked by his kids to “hack” his Linux desktop, one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team.
The bug report, posted to GitHub by user Robo2Bobo, states that it became possible to crash the screensaver and unlock the desktop via the virtual keyboard. Robo2Bobo then explained that this was found because “A few weeks ago, my kids wanted to hack my Linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play... when the screensaver core dumped and they actually hacked their way in!”
After it happened the first time, the cybersecurity-focused family managed to reproduce the issue. Robo2Bobo tried to do it on his own but couldn’t, perhaps “because it required more than 4 little hands typing and using the mouse on the virtual keyboard.” Either way, once it happened, the desktop could not be re-locked as the kids properly killed the screensaver process, and it would no longer work.
Evidently, this issue affects any Linux distribution using Cinnamon 4.2+ and any software using libcaribou, an on-screen keyboard (OSK) component, according to Linux Mint lead developer Clement Lefebvre. However, there is now a fix for Linux Mint, so it is time to update if you believe you are afflicted. Also, a setting to disable the on-screen keyboard is in the works for Mint, so vulnerabilities like this can be solved in the short term easily. The moral of the story? Hackers come in all shapes, sizes and apparently now ages, too.