New hacking technique imperceptibly changes memory virtual servers
For the first time ever a team of Dutch hacking experts, led by cyber security professor Herbert Bos, managed to alter the memory of virtual machines in the cloud without a software bug, using a new attack technique.
With this technique an attacker can crack the keys of secured virtual machines or install malware without it being noticed. It’s a new deduplication-based attack in which data can not only be viewed and leaked, but also modified using a hardware glitch. By doing so the attacker can order the server to install malicious and unwanted software or allow logins by unauthorized persons.
Deduplicationand Rowhammer bug
With the new attack technique Flip Feng Shui (FSS), an attacker rents a virtual machine on the same host as the victim. This can be done by renting many virtual machines until one of them lands next to the victim. A virtual machine in the cloud is often used to run applications, test new software, or run a website. There are public (for everyone), community (for a select group) and private (for one organization accessible) clouds. The attacker writes a memory page that he knows exists in the victim on the vulnerable memory location and lets it deduplicate. As a result, the identical pages will be merged into one in order to save space (the information is, after all, the same). That page is stored in the same part of the memory of the physical computer. The attacker can now modify the information in the general memory of the computer. This can be done by triggering a hardware bug dubbed Rowhammer, which causes flip bits from 0 to 1 or vice versa, to seek out the vulnerable memory cells and change them.
The researchers of the Vrije Universiteit Amsterdam, who worked together with a researcher from the Catholic University of Leuven, describe in their research two attacks on the operating systems Debian and Ubuntu. The first FFS attack gained access to the virtual machines through weakening OpenSSH public keys. The attacker did this by changing the victim’s public key with one bit. In the second attack, the settings of the software management application apt were adjusted by making minor changes to the URL from where apt downloads software. The server could then install malware that presents itself as a software update. The integrity check could be circumvented by making a small change to the public key that verifies the integrity of the apt-get software packages.
Debian, Ubuntu, OpenSSH and other companies included in the research were notified before the publication and all have responded. The National Cyber Security Centre (NSCS) of the Dutch government has issued a fact sheet containing information and advice on FFS.
The Latest on: Hacking
via Google News
The Latest on: Hacking
- State and Local Governments Face Iranian Hacking Threatson January 11, 2020 at 7:59 am
Here’s a quick roundup after the fast-moving global hacking situation, which threatens to impact state and local governments and U.S. critical infrastructure: CNN Business: Hacking attempts ...
- New warnings of hacking risks for voting systems connected to the interneton January 10, 2020 at 4:23 pm
A group of cyber security experts found election systems in some precincts in 11 states online, warning that hackers could try to target them. The CEO of the nation’s largest voting machine ...
- Second defendant in Shinnecock hacking case expected to be sentencedon January 10, 2020 at 2:54 pm
A second defendant is expected to be sentenced in federal court on Monday in a case of computer hacking that divided the Shinnecock Indian Nation as it sought to open casinos in the state nearly a ...
- An Iranian Hacking Campaign, Social Media Surveillance, and More Newson January 9, 2020 at 10:08 am
Here's the news you need to know, in two minutes or less. In a new report, the security firm Dragos details hacking activity against American electric utilities and attributes it to a group of Iranian ...
- Iranian hacking attempts triple after U.S. strike: RPTon January 9, 2020 at 7:51 am
Cyxtera Federal Group CISO and Executive Vice President Leo Taddeo joins the On The Move panel to discuss how Iranian cyberattacks could impact the United States.
- These hacking groups are eyeing power grids, says security companyon January 9, 2020 at 7:51 am
At least three hacking groups have the capability to interfere with or disrupt power grids across the US – and the number of cyber-criminal operations targeting electricity and other utilities is on ...
- British banks hit by hacking of foreign exchange firm Travelexon January 9, 2020 at 7:47 am
Britain's largest retail banks have been forced to halt processing foreign currency orders after a cyberattack on exchange provider Travelex.
- Pwn2Own Hacking Competition Returns in March, Up to $130,000 in Prizes Available for Safari Vulnerabilitieson January 9, 2020 at 7:02 am
Trend Micro today announced that its annual Pwn2Own hacking competition will be held March 18-20 in Vancouver, Canada. Pwn2Own, part of the CanSecWest conference, tasks security researchers with ...
- Justice, FBI pressed on Obama hacking allegations against Benghazi reporteron January 9, 2020 at 6:28 am
Wrote Johnson in the letter shown below: “In 2013, as ranking member of this committee, Senator Tom Coburn sought answers from then-Attorney General Eric Holder regarding the government’s actions in ...
- Hacking attempts originating in Iran nearly triple following Soleimani strike, researchers sayon January 8, 2020 at 6:05 pm
Hackers looking to breach US computer networks sharply intensified their efforts following the death of Iranian military leader Qasem Soleimani, but have had limited success, according to internet ...
via Bing News