
SoylentNews is people

posted by janrinok on Thursday September 01 2016, @08:39PM
from the you're-not-meant-to-do-that dept.

A very anonymous AC submits the following:

http://arstechnica.com/security/2016/08/new-attack-steals-private-crypto-keys-by-corrupting-data-in-computer-memory/

The research team, which also included a member from Belgium's Katholieke Universiteit Leuven, went on to show how an attacker VM can use Flip Feng Shui to compromise RSA cryptography keys stored on another VM hosted in the same cloud environment. In one experiment, the attacker VM compromised the key used to authenticate secure shell access, a feat that allowed the VM to gain unauthorized access to the target. In a separate experiment, the attacker VM compromised the GPG key used by developers of the Ubuntu operating system to verify the authenticity of updates. With the compromised GPG key, the attacker VM was able to force the target to download and install a malicious update.

"Virtual Inception" could be a good name for this specific use of "Flip Feng Shui" :).

I wonder how well ECC protects from such attacks: http://arstechnica.com/security/2016/03/once-thought-safe-ddr4-memory-shown-to-be-vulnerable-to-rowhammer/


  • (Score: 4, Insightful) by vux984 (5045) on Thursday September 01 2016, @10:47PM (#396434)

    I read a comment on /. that I tend to agree with. The problem here is simply an exploitable hardware defect. There might be some effective software workarounds and mitigations to get us through; but ultimately this needs to be solved with hardware that isn't susceptible to rowhammer type attacks.

  • (Score: 0) by Anonymous Coward on Friday September 02 2016, @05:48AM (#396562)

    I only partially agree.

    This is a combination of two weaknesses - row-hammer and information leakage via dedupe. We need to fix row-hammer (which ECC apparently takes care of) but we also need to mitigate dedupe because it may be combined with other weaknesses to produce other exploits. It might be sufficient to empower the application to flag a page as ineligible for dedupe. But... that would require the developer to understand all of their points of vulnerability so it might be too fragile of a solution. I don't know what the best answer is, but I am confident that focusing on row-hammer is necessary but not sufficient.
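
Added example (not part of the comment above or of the linked article): on Linux, where same-page merging is done by KSM, a process can already flag pages as ineligible for dedupe with `madvise(MADV_UNMERGEABLE)`. The names `alloc_unmergeable` and `dedupe_status` are this example's own, and it assumes a Linux kernel with glibc.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Result of the opt-out attempt (names are this example's own). */
enum dedupe_status {
    DEDUPE_OPTED_OUT = 0,   /* kernel accepted MADV_UNMERGEABLE */
    DEDUPE_NO_KSM    = 1,   /* kernel built without KSM: nothing to opt out of */
    DEDUPE_ERROR     = -1   /* bad argument, or mmap/madvise failed otherwise */
};

/* Map `len` bytes (rounded up to whole pages) for secret material and ask
 * the kernel never to merge those pages with identical pages elsewhere. */
void *alloc_unmergeable(size_t len, enum dedupe_status *status)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0) { *status = DEDUPE_ERROR; return NULL; }
    size_t size = (len + (size_t)page - 1) / (size_t)page * (size_t)page;

    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { *status = DEDUPE_ERROR; return NULL; }

    if (madvise(p, size, MADV_UNMERGEABLE) == 0) {
        *status = DEDUPE_OPTED_OUT;
    } else if (errno == EINVAL) {
        /* For this advice on an aligned range, EINVAL means CONFIG_KSM is off. */
        *status = DEDUPE_NO_KSM;
    } else {
        munmap(p, size);
        *status = DEDUPE_ERROR;
        return NULL;
    }
    return p;
}

int main(void)
{
    static const char sample[] = "constructed-sample-key"; /* constructed data */
    enum dedupe_status st;
    char *key = alloc_unmergeable(sizeof sample, &st);
    if (!key) return 1;
    memcpy(key, sample, sizeof sample);
    return st == DEDUPE_ERROR;
}
```

This only governs merging by the kernel the process itself runs on; where a host merges pages across VMs, the opt-out has to be applied on the host to the guest's memory.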