Various companies, start-ups and governments are leaking their own files from the cloud, according to new research presented at Def Con. The problem lies in Amazon Web Services' Elastic Block Store snapshots.
According to Ben Morris, a security analyst at Bishop Fox, Elastic Block Store (EBS) snapshots are the keys to the kingdom. All data for cloud applications is stored in EBS snapshots.
“They have the secret keys to your applications and database access to your customers’ information,” Morris told TechCrunch. When you throw away your computer’s hard disk, you usually empty it completely or destroy it. But these public EBS volumes are open to everyone.
The problem is that many cloud admins choose the wrong configuration settings. As a result, the EBS snapshots remain public and are not encrypted. “This allows anyone on the Internet to download and boot the hard disk. By linking it to a machine, it is possible to navigate through all kinds of data and secrets.”
Tool
Morris himself created a tool that uses Amazon’s internal search function to find and scrape public EBS snapshots. The tool then attaches the snapshot, makes a copy and lists the snapshot's contents on Morris’ system.
Within two months, the researcher was able to build up a database of leaked data. He spent a few hundred dollars on Amazon cloud resources to do so.
After a snapshot has been validated, the data is deleted.
Dozens of snapshots
In this way, Morris found dozens of public snapshots in just one region. They contained, for example, application keys and data from critical users. The data came from various large companies, including tech companies and healthcare providers.
Morris also found VPN configurations. In his own words, this enabled him to set up a tunnel to a company network. However, he did not use the login details and sensitive data.
Morris expects there to be a total of 1,250 public snapshots across all Amazon cloud regions. An Amazon spokesman states that customers who have made their EBS snapshots public have been notified and are advised to take the snapshot offline if the setting was unintentional. The company also emphasizes that encryption of EBS volumes and snapshots can be enforced by default in the configuration.
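The two conditions described above, a snapshot shared publicly and a snapshot left unencrypted, can be checked on the snapshots your own account owns. The Python below is an added example, not Morris's tool or AWS code; the function names and sample data are constructed, and the live `audit_region` path assumes boto3 and read-only EC2 credentials.

```python
def is_public(create_volume_permissions):
    """True if a createVolumePermission list grants access to the 'all' group."""
    return any(p.get("Group") == "all" for p in create_volume_permissions)

def classify(snapshots, permissions_by_id):
    """Return {snapshot_id: [findings]} for snapshots with at least one finding."""
    # snapshots: items shaped like describe_snapshots()["Snapshots"]
    # permissions_by_id: snapshot id -> "CreateVolumePermissions" list
    report = {}
    for snap in snapshots:
        sid = snap["SnapshotId"]
        findings = []
        if is_public(permissions_by_id.get(sid, [])):
            findings.append("public")
        if not snap.get("Encrypted", False):
            findings.append("unencrypted")
        if findings:
            report[sid] = findings
    return report

def audit_region(region):
    """Live audit of one region; needs boto3 and read-only EC2 credentials."""
    import boto3  # imported here so the functions above run without it
    ec2 = boto3.client("ec2", region_name=region)
    snaps, perms = [], {}
    # OwnerIds=["self"] restricts the audit to snapshots this account owns.
    for page in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"]):
        snaps.extend(page["Snapshots"])
    for snap in snaps:
        attr = ec2.describe_snapshot_attribute(
            SnapshotId=snap["SnapshotId"], Attribute="createVolumePermission")
        perms[snap["SnapshotId"]] = attr.get("CreateVolumePermissions", [])
    # Account-level setting the Amazon spokesman refers to.
    default_on = ec2.get_ebs_encryption_by_default()["EbsEncryptionByDefault"]
    return classify(snaps, perms), default_on

# Constructed sample data (not real snapshot ids or accounts).
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0example0000000001", "Encrypted": False},
    {"SnapshotId": "snap-0example0000000002", "Encrypted": True},
    {"SnapshotId": "snap-0example0000000003", "Encrypted": False},
]
SAMPLE_PERMISSIONS = {
    "snap-0example0000000001": [{"Group": "all"}],
    "snap-0example0000000002": [{"UserId": "111122223333"}],
    "snap-0example0000000003": [],
}
```

Calling `classify(SAMPLE_SNAPSHOTS, SAMPLE_PERMISSIONS)` flags the first snapshot as both public and unencrypted and the third as unencrypted only; `audit_region` returns the same report for a real region together with the account's encryption-by-default setting.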
This news article was automatically translated from Dutch to give Techzine.eu a head start.