Researchers Warn Linux Vendors About Cloud-Memory Hacking Trick

An anonymous Slashdot reader writes:
Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)…and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed…

Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.
The researchers demonstrated two attacks on Debian and Ubuntu systems — flipping a bit to change a victim’s RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. “Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue.”


Share on Google+

Read more of this story at Slashdot.

Clip to Evernote

Leave a Reply

Your email address will not be published. Required fields are marked *