Slashdot Mirror


Bitdefender Finds 'Hypervisor Wiretap' For Reading TLS-Encrypted Communications (helpnetsecurity.com)

Orome1 quotes a report from HelpNetSecurity: Bitdefender has discovered that encrypted communications can be decrypted in real-time using a technique that has virtually zero footprint and is invisible to anyone except extremely careful security auditors. The technique, dubbed TeLeScope, has been developed for research purposes and proves that a third-party can eavesdrop on communications encrypted with the Transport Layer Security (TLS) protocol between an end-user and a virtualized instance of a server.
Bitdefender says the new technique "works to detect the creation of TLS session keys in memory as the virtual machine is running." According to HelpNetSecurity, this vulnerability "makes it possible for a malicious cloud provider, or one pressured into giving access to three-letter agencies, to recover the TLS keys used to encrypt every communication session between virtualized servers and customers. CIOs who are outsourcing their virtualized infrastructure to a third-party vendor should assume that all of the information flowing between the business and its customers has been decrypted and read for an undetermined amount of time."

10 of 86 comments

  1. How. Does. It. WORK. by Anonymous Coward · Score: 3, Insightful

    Guise, I'm really not interested in your breathless teasers.

    Give me the rundown. How does it work? You know, the abstract, the overview, the quick so-and-so is what we did to make it work. If it's not in the summary then you're not doing your job. If it's not in the linked article, then you're just wasting my time. If it then might possibly maybe with a lot of luck be in a video of a conference that hasn't even been published yet, you're just taking the piss. I am not amused.

    WHERE ARE THE DETAILS?

    1. Re: How. Does. It. WORK. by Bruce Perens · Score: 4, Informative

      The host reads the virtual guest's memory and process state. This is absolutely no surprise, it was always implicit in virtualization systems.

  2. Engineering Paper by bill_mcgonigle · Score: 4, Insightful

    Skimmed the paper. It looks like a fair description of an engineering approach to exploit what we all already knew about hypervisors' access to their guests' memory and networking components. I don't see any revelations, just confirmation that you're not safe against a hostile hypervisor, with a somewhat practical attack method.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)

    1. Re:Engineering Paper by Anonymous Coward · Score: 5, Insightful

      The next revelation is that with physical access to the host servers, employees at datacenters could access any of the hard drives in a cloud environment, or even crash our machines indefinitely resulting in data loss!

  3. Re:This isn't a big deal, it's fucking huge. by Sax Russell 5449D29A · Score: 5, Insightful

    Well, this is a virtual machine they're eavesdropping on. Anyone running something on a virtual machine should always assume that the one controlling the underlying hardware can always see everything that's happening on the VMs too. My view has always been that if I don't have the physical hardware before my eyes, I have no real guarantee someone isn't tampering with it either legally or illegally. Heck, even if it's before my eyes, someone may still have tampered with it at some point in time, or even remotely.

    --
    -SR

  4. Re:This isn't a big deal, it's fucking huge. by Attila Dimedici · Score: 4, Interesting

    Yes, it is a big deal. But the key thing here is that the summary implies that this only works from the hypervisor to unwind encryption on a virtual machine which it is hosting. What this means is that the "cloud" is inherently insecure and that it cannot be secured. Something I have suspected since the "cloud" first became a thing.

    --
    The truth is that all men having power ought to be mistrusted. James Madison

  5. Re:This isn't a big deal, it's fucking huge. by Sarten-X · Score: 4, Insightful

    > What this means is that the "cloud" is inherently insecure and that it cannot be secured. Something I have suspected since the "cloud" first became a thing.

    What it really means is that IT managers need to do their jobs.

    A "cloud" isn't inherently insecure any more than it's inherently insecure to host your own servers, or to have them colocated at a datacenter, or to pay an outsourced company to just handle all the computer stuff. They all have their risks, and those risks must be understood and considered before you start implementing any solutions.

    It is extraordinarily lazy to simply discard an option with the excuse that "it cannot be secured", when what you really should be saying is that "it cannot be secured to meet my acceptable level of risk using the techniques of which I am aware". The latter description highlights the resolution to your problem: Do some research and learn about the risks and mitigation techniques available to you. Cloud providers, for instance, will usually be quite happy to enter contracts promising that they'll protect your data from illegal release, and providing adequate recourse if they don't. Datacenters will often provide isolated space for your servers, with access restricted to only certain personnel, or even only your own employees. A cheap outsourced service provider may not provide any assurances of privacy... but you might not even need any such protection for your company's archive of already-released press releases.

    In IT, this is your job. You must be aware of the risks inherent in every solution, and understand how they can be avoided, mitigated, or accepted. This analysis must happen not just for hosting consideration, but for every choice. Do you block a certain website in your firewall, or ban a particular application? How will the users respond? Will they be likely to work around the restriction in a riskier way? Will the new policy impact the business in a positive or negative way?

    Know all of your options, and list all of your assets. Gather all of the information you can before you have to make a decision. That's the only way to improve your security.

    --
    You do not have a moral or legal right to do absolutely anything you want.

  6. A sidenote by Artem S. Tashkinov · Score: 4, Informative

    While I commend the guys at BitDefender for finding this vulnerability, its severity is a tad overstated.

    Most if not all virtual machines are not encrypted, so your hosting provider has full access to your encryption keys which means there are easier ways to decrypt/intercept traffic.

    Presumably you can solve this problem by using full disk encryption but then you need to find a way to pass your encryption password to your virtual host and you will surely do that through the means provided by your hosting provider, which means your password will be intercepted en route and again your hosting provider will have full access to the disk image.

    In short you cannot trust anything you're not running from your own physically secured environment.

    And even in your own fully secured physical environment you're still f*cked.

  7. There is no cloud, just other people's computers. by ffkom · Score: 4, Insightful

    And those who own/operate those computers can, of course, eavesdrop on whatever their "virtual" guests are doing. Seriously, how could anyone ever think otherwise?

  8. Re:This isn't a big deal, it's fucking huge. by AcidPenguin9873 · Score: 3, Interesting

    Have you seen what AMD is putting into its next server processors? http://amd-dev.wpengine.netdna... Tldr: It encrypts a guest's memory with a key that the hypervisor does not have. In theory, it should make a guest VM inaccessible to the hypervisor.