New hacking technique imperceptibly changes memory virtual servers
For the first time ever a team of Dutch hacking experts, led by cyber security professor Herbert Bos, managed to alter the memory of virtual machines in the cloud without a software bug, using a new attack technique.
With this technique an attacker can crack the keys of secured virtual machines or install malware without it being noticed. It’s a new deduplication-based attack in which data can not only be viewed and leaked, but also modified using a hardware glitch. By doing so the attacker can order the server to install malicious and unwanted software or allow logins by unauthorized persons.
Deduplicationand Rowhammer bug
With the new attack technique Flip Feng Shui (FSS), an attacker rents a virtual machine on the same host as the victim. This can be done by renting many virtual machines until one of them lands next to the victim. A virtual machine in the cloud is often used to run applications, test new software, or run a website. There are public (for everyone), community (for a select group) and private (for one organization accessible) clouds. The attacker writes a memory page that he knows exists in the victim on the vulnerable memory location and lets it deduplicate. As a result, the identical pages will be merged into one in order to save space (the information is, after all, the same). That page is stored in the same part of the memory of the physical computer. The attacker can now modify the information in the general memory of the computer. This can be done by triggering a hardware bug dubbed Rowhammer, which causes flip bits from 0 to 1 or vice versa, to seek out the vulnerable memory cells and change them.
The researchers of the Vrije Universiteit Amsterdam, who worked together with a researcher from the Catholic University of Leuven, describe in their research two attacks on the operating systems Debian and Ubuntu. The first FFS attack gained access to the virtual machines through weakening OpenSSH public keys. The attacker did this by changing the victim’s public key with one bit. In the second attack, the settings of the software management application apt were adjusted by making minor changes to the URL from where apt downloads software. The server could then install malware that presents itself as a software update. The integrity check could be circumvented by making a small change to the public key that verifies the integrity of the apt-get software packages.
Debian, Ubuntu, OpenSSH and other companies included in the research were notified before the publication and all have responded. The National Cyber Security Centre (NSCS) of the Dutch government has issued a fact sheet containing information and advice on FFS.
The Latest on: Hacking
via Google News
The Latest on: Hacking
- Australian Political Parties Targeted In Mass Hacking Attempt on February 18, 2019 at 10:30 pm
Australian Prime Minister Scott Morrison says the country's major political parties have been hit by a hack on their computer networks. The government says the systems were infiltrated by a "sophistic... […]
- Briefing: China ‘strongly opposed against’ the claim of hacking Australian parliament on February 18, 2019 at 9:02 pm
What happened: China has dismissed suggestions that Beijing was involved in a cyberattack on Australia’s political parties. In a press briefing on Monday in Beijing, China’s foreign ministry spokesman ... […]
- Three nabbed for installing hacking device on ATM on February 18, 2019 at 8:04 pm
KUALA LUMPUR (Bernama): Police have arrested three men believed to be involved in installing a hacking device on an automated teller machine (ATM) on Jalan Changkat Bukit Bintang here last Sunday (Feb ... […]
- Kali Linux Ethical Hacking OS Kicks Off 2019 with Metasploit 5.0 and ARM Updates on February 18, 2019 at 5:33 pm
Offensive Security announced today the general availability of the Kali Linux 2019.1, the first update of the popular ethical hacking and penetration testing operating system in 2019. Kali Linux ... […]
- Apple to add extra security to iCloud following hacking scandal on February 18, 2019 at 4:29 pm
Apple has come under scrutiny in the past week, after a massive breach of iCloud led to nude photos of Jennifer Lawrence and other celebrities being leaked onto the internet. Apple CEO Tim Cook told T... […]
- Light Field Market Business Development Hacking Strategies by Predominant Players: Avegant, Lytro, Fovi 3D, Japan Display, Otoy on February 18, 2019 at 10:38 am
Light Field Market report provides an in-depth overview of product specification, technology, product type and production analysis considering major factors such as revenue, cost, gross and gross marg... […]
- China Denies Hacking Australian Parliament, Major Parties as Next Election Nears on February 18, 2019 at 5:08 am
Australia’s main political parties and the national Parliament have been targeted by a state-backed hacking attack just months before citizens head to the polls for federal elections. In a statement d... […]
- Australia blames ‘state actor’ for hacking political parties on February 18, 2019 at 4:32 am
CANBERRA, Australia — A “sophisticated state actor” was behind a cyberattack on the Australian Parliament’s computing network that also affected the network used by major political parties, the prime ... […]
- Australia blames ‘state actor’ for hacking political parties | The State on February 18, 2019 at 4:31 am
A "sophisticated state actor" was behind a cyberattack on the Australian Parliament's computing network that also affected the network used by major political parties, the prime minister said Monday. ... […]
- Spike in hacking of US networks is said to be tied to China and Iran on February 17, 2019 at 11:00 pm
SAN FRANCISCO — US businesses and government agencies have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump’s with... […]
via Bing News