Following the earlier security scares in June, Amazon’s Web Services have now been hit by another attack. Just how safe is the cloud? Guy Daniels reports.
According to security researchers from Germany’s Ruhr-University Bochum, Amazon’s cloud services are vulnerable to attack via what they say is a “massive security gap” that puts user accounts and data at risk. Apparently, Amazon Web Services (AWS) was vulnerable to attacks that include “signature wrapping and cross site scripting”.
Since the team reported its findings, the security holes have been closed. However, the researchers believe similar security holes may still be open in other cloud infrastructure services. Juraj Somorovsky, one of the researchers at Ruhr-University, said:
“Using different kinds of XML signature wrapping attacks, we succeeded in completely taking over the administrative rights of cloud customers. This allowed us to create new instances in the victim’s cloud, add or delete images.”
Fellow researcher Mario Heiderich explained how they also uncovered gaps in the AWS interface, through which they could add executable script code:
“We had free access to all customer data, including authentication data, tokens, and even plain text passwords. It’s a chain reaction. A security gap in the complex Amazon shop always also directly causes a gap in the Amazon cloud.”
The news site CRN picked up the report and contacted Amazon, who said that the flaws uncovered by the German university team had not impacted any of its customers. It also disputed the extent of the security problem as well as the methods used, saying:
“Customers fully implementing the AWS security best practices were not susceptible to these vulnerabilities.”
Nonetheless, this isn’t the first time that Amazon’s cloud services have been caught wanting. At the start of June, Dmitry Bestuzhev of Kaspersky Lab discovered that AWS was hosting numerous pieces of malware that can identify and steal financial data. The malware was identified as coming from hackers in Brazil.
Writing on his blog
, he said:
“Brazilian cyber criminals intentionally launched the attack on Friday night. They know that usually it takes more time to detect and neutralize threats launched during the weekend. The same technique has been widely used by phishers for a while. In order to avoid falling victim to these kinds of attacks, Web users should pay special attention to any suspicious issue during the weekend.”
Although Amazon responded quickly to the attack and removed all malicious links, Bestuzhev remains concerned:
“I believe legitimate cloud services will continue to be used by criminals for different kinds of cyber-attacks. Cloud providers should start thinking about better monitoring systems and expanding security teams in order to cut down on malware attacks enabled and launched from their cloud.”
Later in June, scientists from the Darmstadt Research Centre for Advanced Security in Germany discovered that Amazon’s EC2 and S3 cloud services are vulnerable to attack through security holes that are left open by users who fail to follow Amazon’s security guidelines. Researcher Ahmad-Reza Sadeghi explained:
“The problem clearly lies in the customers’ unawareness and not in Amazon Web Services. We believe that customers of other cloud providers endanger themselves and other cloud users similarly by ignoring or underestimating security recommendations.”
A final salutary comment from the team at Ruhr-University:
“A major challenge for cloud providers is ensuring the absolute security of the data entrusted to them, which should only be accessible by the clients themselves. Therefore it is essential that we recognize the security gaps in cloud computing and avoid them on a permanent basis.”
please sign in to rate this article