Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Cloud Privacy Security Software

New Cloud Attack Takes Full Control of Virtual Machines With Little Effort (arstechnica.com) 34

C3ntaur writes: The world has seen the most unsettling attack yet resulting from the so-called Rowhammer exploit, which flips individual bits in computer memory. It's a technique that's so surgical and controlled that it allows one machine to effectively steal the cryptographic keys of another machine hosted in the same cloud environment. Until now, Rowhammer has been a somewhat clumsy and unpredictable attack tool because it was hard to control exactly where data-corrupting bit flips happened. While previous research demonstrated that it could be used to elevate user privileges and break security sandboxes, most people studying Rowhammer said there was little immediate danger of it being exploited maliciously to hijack the security of computers that use vulnerable chips. The odds of crucial data being stored in a susceptible memory location made such hacks largely a matter of chance that was stacked against the attacker. In effect, Rowhammer was more a glitch than an exploit. Now, computer scientists have developed a significantly more refined Rowhammer technique they call Flip Feng Shui. It manipulates deduplication operations that many cloud hosts use to save memory resources by sharing identical chunks of data used by two or more virtual machines. Just as traditional Feng Shui aims to create alignment or harmony in a home or office, Flip Feng Shui can massage physical memory in a way that causes crypto keys and other sensitive data to be stored in locations known to be susceptible to Rowhammer. The research paper titled "Flip Feng Shui: Hammering a Needle in the Software Stack" can be read here.
This discussion has been archived. No new comments can be posted.

New Cloud Attack Takes Full Control of Virtual Machines With Little Effort

Comments Filter:
  • by OverlordQ ( 264228 ) on Thursday September 01, 2016 @05:20PM (#52811309) Journal

    Flip Feng Shui can massage physical memory in a way that causes crypto keys and other sensitive data to be stored in locations known to be susceptible to Rowhammer.

    For SSH, since you can only flip one bit, you have to already know the public key you want to exploit, find a easily factorizable key one bitflip away, then get the host to dedup. So no, this wont allow somebody to hack into arbitrary servers, only if there's already been data exfiltrated.

  • Bit late to the party /.
    How many VMs have already been compromised?

    • Hardly any. Unless you're an idiot posting your public key everywhere or reusing a key, there's zero chance of this happening to you.

  • by Anonymous Coward on Thursday September 01, 2016 @05:24PM (#52811337)

    Rowhammer in all its incarnations is not the problem. If you are vulnerable to such attacks it is because your RAM is defective. Can we stop pretending this is an exploit we need elaborate schemes to protect against and just call it what it is: A crappy products that need to be replaced from manufacturers that need to be held accountable for it.

  • by Anonymous Coward

    Cloud services are a thunderstorm of shit waiting to fall on your head.

  • Aren't modern servers tested for rowhammer?
    My HP Integrity's offline diagnostics does three hammering tests, and will fail the diag if even a single read does not match what it should - and this is on a machine nearly 10 years old (though the diag disc is from 2012).

    • by epine ( 68316 )

      and this is on a machine nearly 10 years old

      No doubt, as you're hammering on DRAM cells the size of small battleships.

      It's a whole different matter when your DRAM cells have their little button noses pressed up against the scaling wall.

    • It's a bug in implementation. Not low quality hardware as this is designed to share ram like a pointer

  • Calling it Feng Shui has a good ring to it - like Feng Shui, this is seems to be an overhyped PoS.
  • Not that easy (Score:5, Interesting)

    by Barnoid ( 263111 ) on Thursday September 01, 2016 @06:49PM (#52811797)

    It's an interesting idea and nicely carried out, but in the real world I doubt this is of much concern. For the attack to be successful, all of the following must hold
    1. memory susceptible to rowhammer attack (in itself not trivial - only few and given memory locations can be flipped)
    2. VM manager merges physically identical pages of unrelated VMs (i.e., the identical memory pages of different VMs point to the same physical page)
    3. attacker VM must know the contents of the page in the victim VM
    4. attacker must register a page with the to-be-attacked contents before the victim VM does so that it can somewhat control its physical location and use rowhammer on it

    Especially #3 is not easy. In the paper, the authors assume they know all SSH authorized keys of the victim page which seems a bit far-fetched. Pages holding OS contents are easier to guess; I think an attack on those is more probable.

    Also, the fix is trivial. Don't buy cheap RAM that can be attacked with rowhammer for your data centers.

    • 3. attacker VM must know the contents of the page in the victim VM

      Not that hard... Often people will use a public virtual machine image for database server, proxy, load-balancer, or container host. I'm sure coreos is rarely customized, I see few reasons to do. It's often neat to attach extra disks and use cloud-init to configure VMs, rather than building custom VMs.

      And even if you do build custom VMs, you're often basing it of some official VM.

    • For the attack to be successful, all of the following must hold...

      And yet, the old NSA saying that "attacks only get better, they never get worse", is an apt reminder. While it may not be practical today, it was just made more practical. Whatever happens next, the attack will not get worse. Expect people to work at all the listed limitations, and who knows...

      So, even if there isn't reason to suspect a full blown jump-out-of-the-windows fire just yet, there's a definite smell of smoke in the air.

  • Cloud attack starts at about 0:54 https://www.youtube.com/watch?... [youtube.com] (Monkey Magic)
  • First the obvious Dropbox hassles, next the obvious single signon hassles and now this.

    A while ago a popular VM hosting application used to tell everyone on a splash screen on startup that Virtual Machines are not a security feature.
    If you want security you use something designed for it - chroot, zones, "containers" - plenty of choice.
  • Many and mean corporations are moving to the cloud or already there.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...