Hypervisor security flaw could expose AWS, Azure

Radu Caragea

Companies hosting on Amazon Web Services, Microsoft Azure and Google public clouds have been warned about a new security risk affecting virtualised environments.

Bitdefender has discovered a vulnerability that allows the decryption of communications between end users and a virtualised server in real-time using the Transport Layer Security (TLS) protocol.

This attack works against virtualised environments that run on top of a hypervisor, which would include infrastructure-as-a-service provided by AWS, Google and Microsoft Azure, according to Bitdefender.

Bitdefender's proof of concept presented on 26 May at HITB Conference in Amsterdam revealed a lapse that can only be fixed by rewriting the cryptographic libraries currently in use.

Bitdefender discovered this attack vector while researching a way to monitor malicious outbound activity on its honeypot network without tampering with the machine or tipping attackers off that they were being watched.

Knowing the serious implications this attack could have, the company has disclosed it in detail. The technique is called TeLeScope and was developed for research purposes, according to Bitdefender.

A server administrator with access to the hosting server’s hypervisor could monitor e-mail addresses, banking transactions, chats, personal photos and other private data.

Bitdefender said in a statement: "While accessing the virtual machine’s virtual resources was something that we already knew (having access to the machine’s HDD, for instance), real-time decryption of the TLS traffic without pausing the VM at a blatantly visible timeframe had not been achieved before."

Bitdefender security researcher Radu Caragea said: "Instead of pausing the machine (which would introduce noticeable latency) and doing a full memory dump, we developed a memory diffing technique using primitives already present in hypervisor technologies.

"Then, although this allows reducing the dump from gigabytes to megabytes, the time taken to write this quantity to storage is still non-negligible (on the order of a few milliseconds) and thus we show how to further 'disguise' the process in network latency, without having to pause the machine at all."

Copyright © nextmedia Pty Ltd. All rights reserved.