Security researchers at VUSec, the Systems and Network Security Group at VU Amsterdam, have revealed an attack that flips bits in a memory page belonging to a VM running on the same physical host as a VM the attacker controls.
The Flip Feng Shui (FFS) attack exploits the behavior of the host's memory deduplication feature and combines it with Rowhammer, a previously documented DRAM fault in which repeatedly accessing one row of memory causes bits to flip in neighboring rows. Rowhammer was first described by academic researchers in 2014 and was shown to be exploitable in practice by Google's Project Zero in 2015.
The full details of the FFS attack are elaborate, but VUSec believes it is "possible to implement FFS reliably today in the cloud."
Does this bug you? I'm not touching you
The attack involves three phases. First, the attacker VM profiles the physical memory it has been allocated to find cells that are vulnerable to Rowhammer, noting which bit of which page each vulnerable cell affects. Second, the attacker "writes a memory page that she knows exists in the victim on the vulnerable memory location." Because the two pages, the attacker's and the victim's, have identical contents, the host's memory deduplication mechanism merges them into a single physical page that is mapped into both VMs.
"If the attacker VM's physical memory is chosen to back both pages," write VUSec's researchers, "the attacker can then trigger Rowhammer to modify the memory of the victim." Deduplicated pages are normally protected by copy-on-write: a write from either VM would fault and give that VM its own private copy. Rowhammer changes the cell contents without any write ever reaching the page, so no copy is made and the flipped bit lands in the shared page the victim is still reading. That, says VUSec, is how FFS circumvents standard VM memory isolation techniques.
The researchers provided multiple proof-of-concept demonstrations. In one, they gained SSH access by flipping a bit in the victim's authorized RSA public key: the corrupted modulus factored easily, and from its factors they computed a private key the victim's sshd would now accept. In another, they got a malicious software package installed through apt-get by flipping a bit in the domain name of the configured package repository, so that it pointed at a look-alike domain under their control.
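As an added illustration (this is example code written for this page, not VUSec's code or any part of their paper), the following Python shows why the SSH demonstration works: a single flipped bit in an RSA modulus very often leaves a number with much smaller prime factors, and whoever can factor that corrupted modulus can compute a private exponent that the corrupted public key accepts. The 60-bit toy key built from two constructed primes, the public exponent 65537, the sample message and all helper names are assumptions made for the example; against a real 2048-bit key the attacker's offline factoring step is the same in principle, only more work.

```python
"""Toy model of the FFS SSH attack: flip one bit of an RSA modulus, factor the
result, and derive a private exponent that the corrupted public key accepts.
Added example; the key, exponent and message below are constructed, not real."""
from __future__ import annotations

from functools import reduce
from math import gcd
from random import randrange

# Constructed toy key: two well-known 30-bit primes give a ~60-bit modulus,
# small enough to factor in seconds with Pollard rho. Real keys are 2048+ bits.
P = 1_000_000_007
Q = 998_244_353
E = 65537
SAMPLE_MSG = 0xDEADBEEF  # arbitrary "challenge" used to confirm a key works

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of an odd composite n (Floyd cycle finding)."""
    while True:
        c, x = randrange(1, n), randrange(0, n)
        y, d = x, 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:          # d == n means the walk collided mod n; retry with new c
            return d


def factorize(n: int) -> dict[int, int]:
    """Full prime factorisation of n as {prime: exponent}."""
    factors: dict[int, int] = {}
    for p in SMALL_PRIMES:  # strip small factors first; rho then sees only large ones
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
    stack = [n]
    while stack:
        m = stack.pop()
        if m == 1:
            continue
        if is_probable_prime(m):
            factors[m] = factors.get(m, 0) + 1
        else:
            d = pollard_rho(m)
            stack += [d, m // d]
    return factors


def carmichael(factors: dict[int, int]) -> int:
    """Carmichael function lambda(n) from n's factorisation. RSA exponents are
    inverses modulo lambda(n), and this form works for any n, not just n = p*q."""
    parts = [2 ** (k - 2) if p == 2 and k >= 3 else (p - 1) * p ** (k - 1)
             for p, k in factors.items()]
    return reduce(lambda a, b: a * b // gcd(a, b), parts, 1)


def private_exponent(n: int, e: int) -> int | None:
    """d with e*d == 1 (mod lambda(n)), or None when e is not invertible."""
    lam = carmichael(factorize(n))
    return pow(e, -1, lam) if gcd(e, lam) == 1 else None


def usable_flips(n: int, e: int, msg: int = SAMPLE_MSG) -> list[tuple[int, int, int]]:
    """Every single-bit flip of n that yields a modulus the attacker can sign for.
    Each entry is (bit, corrupted_n, d); a flip is kept only if a textbook
    sign/verify round trip on msg succeeds under the corrupted modulus."""
    hits = []
    for bit in range(n.bit_length()):
        n_bad = n ^ (1 << bit)
        d = private_exponent(n_bad, e)
        if d is None:
            continue
        m = msg % n_bad
        if pow(pow(m, d, n_bad), e, n_bad) == m:
            hits.append((bit, n_bad, d))
    return hits


if __name__ == "__main__":
    n = P * Q
    hits = usable_flips(n, E)
    print(f"{len(hits)} of {n.bit_length()} single-bit flips give a usable key")
    bit, n_bad, d = hits[0]
    print(f"bit {bit}: n' = {n_bad} = {factorize(n_bad)}; d' = {d}")
```

Running the file reports how many of the 60 bit positions produce a modulus the attacker can sign for. The round-trip check is there for the caveat the paper's numbers reflect: a flip is useless when e shares a factor with lambda(n') or when n' has a repeated prime factor that breaks textbook RSA for some messages, so each candidate is verified rather than trusted on the strength of its factorization alone.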
Theory versus practice
Pulling off a proof-of-concept attack in the lab is one matter. Executing FFS against an unsuspecting victim on a real-world cloud provider is another story entirely. The biggest obstacle appears to be getting a copy of the victim's page into a vulnerable location and having the host merge the two: the attacker does not control when the deduplication scan runs, so the attack may require a good deal of trial and error before it sticks.
Another issue is whether the hardware used by commodity cloud providers is vulnerable to Rowhammer at all. VUSec claims that when Rowhammer was first disclosed, around 85 percent of the DDR3 modules tested at the time were vulnerable, and that even ECC DRAM is not immune.
Practicality aside, FFS is the most recent and most exotic wrinkle in a long line of attacks that can be mounted against VMs on shared public cloud infrastructure. FFS stands out because it exploits not one but two silent hardware-level behaviors, one of which (deduplication) exists to squeeze more efficiency out of hardware hosting multiple VMs.
Attacks like FFS also validate the idea that if you want to be absolutely sure you're not sharing physical memory with a potentially hostile neighbor, forget about VMs or containers; running on bare metal is the way to go. That is easier than it used to be thanks to services that offer bare metal on demand, as well as orchestration systems that work with bare metal.
That said, let's face it: VMs (and containers in VMs) account for a large share of how enterprise workloads run these days. Few people are going to bail on them because of an attack that's yet to be seen in the wild and that depends on a highly elaborate chain of contrivances.
VUSec is taking steps, though, to make sure FFS doesn't proliferate. The group claims it is "in contact with major cloud providers and VM monitor vendors to ensure that the issue is resolved for most cloud users." Operators need not wait for vendors on the deduplication side: on KVM hosts the feature in question is Kernel Samepage Merging (KSM), whose state is exposed in /sys/kernel/mm/ksm/run, and switching it off on hosts that serve mutually untrusted tenants removes the merge step FFS depends on, at the cost of the memory savings it provided.