New research at MIT and the University of California shows how cloud service providers that use virtualization to host virtual machines belonging to multiple customers are creating data risks. These cloud infrastructures let attackers locate and eavesdrop on virtual machines anywhere in the cloud.
The attack described in the report was against Amazon’s Elastic Compute Cloud (EC2) service. Most troubling is the fact that the vulnerabilities that enabled the attack are generic and likely exist with other cloud providers.
“The research raises questions about a fundamental assumption about cloud computing which says that data hosted in a cloud is relatively safe from targeted attacks because it’s hard to know where in the cloud the data is located,” according to IDG Connect. “The research also comes at a time when concerns are high about security and privacy issues related to cloud computing.”
It’s possible for attackers to identify the physical server on which a targeted virtual machine is hosted in the cloud, the researchers found. The attackers can then establish a rogue virtual machine on that same physical server to go after the victim.
Hopefully, as cloud technology evolves, these risks will be reduced.
