Dutch cybersecurity experts have developed a new technique for hacking a cloud virtual machine, which allows you to get full access to it using data deduplication. This is reported on the website of the Amsterdam Free University.
At the first stage, the attacker rents a cloud virtual machine in one or plural on the same host with the victim.
Often such machines are used for test launch of applications, software or Internet pages. At the same time, cloud hosting is divided into public, group and private. The hacker then registers the victim’s memory page in the vulnerable cell and allows it to be deduplicated.
After combining identical pages to save virtual space, the attacker gains access to the physical memory of the computer. He can view, copy, and also change the data on the latter, in particular, through the Rowhammer attack. This attack was developed in 2014 and is aimed at changing the value of bits — from 0 to 1 and vice versa — in RAM cells to search for vulnerabilities. A new type of hacking is called Flip Feng Shui (FSS).