Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone
Flip Feng Shui attack: Researchers demonstrate new attack on virtual servers (POC VIDEO INCLUDED)

Researchers at the Free University of Amsterdam and the Catholic University of Leuven demonstrated a new attack on virtual servers during a security conference in the United States.. The attack is called Flip Feng Shui attack and it allows an attacker to navigate through virtual machines, allowing the attacker to change the memory of other virtual machines.

Virtualization servers often run multiple virtual machines, these virtual machines can have all types of roles, for example one virtual machine can act as an web server. The Flip Feng Shui attack allows the attacker to manipulate the behavior of other virtual machines that are hosted on the same virtualization server. For example, the attack would allow the theft of encryption keys and those keys can be used to perform further attacks.

The Flip Feng Shui consists out of 3 phases, in the first phase, the attackers will exploit the Rowhammer vulnerability, once the Rowhammer vulnerability has been exploited, the attacker will use the next two phases to manipulate the memory.

You can view the full demonstration in the video below

Source

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone
  • Learn more about eGRC Strategy, Products and Services click here
  • Learn more about Threat & Vulnerability Management Platforms click here
  • Learn more about Advanced End Point Protection click here
  • Learn more about NextGen Identity & Access Management Solutions click here