New hacking technique imperceptibly changes memory of virtual servers
For the first time ever a team of Dutch hacking experts, led by cyber security professor Herbert Bos, managed to alter the memory of virtual machines in the cloud without a software bug, using a new attack technique.
With this technique an attacker can crack the keys of secured virtual machines or install malware without it being noticed. It’s a new deduplication-based attack in which data can not only be viewed and leaked, but also modified using a hardware glitch. By doing so the attacker can order the server to install malicious and unwanted software or allow logins by unauthorized persons.
Deduplication and Rowhammer bug
With the new attack technique Flip Feng Shui (FFS), an attacker rents a virtual machine on the same host as the victim. This can be done by renting many virtual machines until one of them lands next to the victim. A virtual machine in the cloud is often used to run applications, test new software, or run a website. There are public (for everyone), community (for a select group) and private (accessible to one organization) clouds. The attacker writes a memory page that he knows exists in the victim's memory to the vulnerable memory location and lets it be deduplicated. As a result, the identical pages are merged into one in order to save space (the information is, after all, the same). That page is stored in the same part of the memory of the physical computer. The attacker can now modify the information in the general memory of the computer. This is done by triggering a hardware bug dubbed Rowhammer, which flips bits from 0 to 1 or vice versa, in order to seek out the vulnerable memory cells and change them.
The researchers from the Vrije Universiteit Amsterdam, who worked together with a researcher from the Catholic University of Leuven, describe in their research two attacks on the operating systems Debian and Ubuntu. The first FFS attack gained access to the virtual machines by weakening OpenSSH public keys. The attacker did this by changing the victim’s public key by one bit. In the second attack, the settings of the software management application apt were adjusted by making minor changes to the URL from which apt downloads software. The server could then install malware that presents itself as a software update. The integrity check could be circumvented by making a small change to the public key that verifies the integrity of the apt-get software packages.
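A defender's view of the two attacks described above, as an added example that is not from the researchers or the original article: a Python check that compares an OpenSSH authorized_keys entry and an apt sources line against a known-good baseline and flags changes of only a bit or two, the pattern a Rowhammer flip leaves behind. The key bytes, the `mirror.example.org` URL and all function names are constructed for illustration.

```python
import base64

def bit_flips(baseline: bytes, current: bytes):
    """Return [(byte_offset, bit_index), ...] where the buffers differ,
    or None when the lengths differ (not a pure bit-flip change)."""
    if len(baseline) != len(current):
        return None
    return [(off, bit)
            for off, (a, b) in enumerate(zip(baseline, current))
            for bit in range(8) if ((a ^ b) >> bit) & 1]

def classify(baseline: bytes, current: bytes, max_flips: int = 2) -> str:
    """'unchanged', 'bit-flip' (same length, very few bits differ) or 'modified'."""
    flips = bit_flips(baseline, current)
    if flips is None or len(flips) > max_flips:
        return "modified"
    return "bit-flip" if flips else "unchanged"

def key_blob(authorized_keys_line: str) -> bytes:
    """Decode the base64 key field so the comparison is on key bytes, not text
    (one flipped key bit can change several bits of the base64 character)."""
    return base64.b64decode(authorized_keys_line.split()[1])

def with_flip(data: bytes, offset: int, bit: int) -> bytes:
    """Build constructed 'after' data for the demo by toggling one bit."""
    out = bytearray(data)
    out[offset] ^= 1 << bit
    return bytes(out)

# Constructed sample data: placeholder key bytes and mirror URL, not real values.
BLOB = bytes(range(64))
KEY_OK = "ssh-rsa " + base64.b64encode(BLOB).decode() + " user@host"
KEY_NOW = "ssh-rsa " + base64.b64encode(with_flip(BLOB, 40, 3)).decode() + " user@host"
APT_OK = b"deb http://mirror.example.org/debian stable main\n"
APT_NOW = with_flip(APT_OK, 11, 0)   # 'm' (0x6d) becomes 'l' (0x6c)

def report():
    """Verdict and flipped-bit positions for each monitored item."""
    return {
        "authorized_keys": (classify(key_blob(KEY_OK), key_blob(KEY_NOW)),
                            bit_flips(key_blob(KEY_OK), key_blob(KEY_NOW))),
        "sources.list": (classify(APT_OK, APT_NOW), bit_flips(APT_OK, APT_NOW)),
    }

if __name__ == "__main__":
    for name, (verdict, flips) in report().items():
        print(name, verdict, flips)
```

The baseline has to be kept somewhere the host's own memory cannot alter it, for example on a separate machine, since the attack changes what the victim reads rather than what is on disk.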
Debian, Ubuntu, OpenSSH and other companies included in the research were notified before the publication and all have responded. The National Cyber Security Centre (NCSC) of the Dutch government has issued a fact sheet containing information and advice on FFS.