After IBM SoftLayer fails to scrub bare-metal box firmware of any lurking spies, alarm raised over cloud server security

www.theregister.co.uk | 2/26/2019 | Staff

Cloud providers renting out bare-metal servers must make sure they scrub every last byte of writable storage on their boxes between deployments, infosec outfit Eclypsium has urged.

Otherwise, malicious customers could stash malware in motherboard flash memory that activates when the next user of a machine powers it up.

The biz today emitted a case study, centering around IBM's SoftLayer, as evidence of how giving customers superuser-grade access to dedicated off-premises hardware can expose folks to attacks from firmware-level infections. Eclypsium, we should point out, just so happens to sell firmware security solutions.

The problem, explains Eclypsium, is that a miscreant could rent a bare-metal server instance from a provider, then exploit a firmware-level vulnerability, such as one in UEFI or BMC code, to gain persistence on the machine, and the ability to covertly monitor every subsequent use of that server. In other words, injecting spyware into the server's motherboard software, which runs below and out of sight of the host operating system and antivirus, so that future renters of the box will be secretly snooped on.

Ideally, this shouldn't be allowed to happen: the firmware storage should be completely wiped and restored to how it should be before a new customer is allocated a freed-up node. Apparently, though, this sort of attack is possible.

To prove their theory, Eclypsium's team looked at SoftLayer, the IBM-owned cloud platform, and spotted some of Big Blue's bare-metal servers were using vulnerable Supermicro BMC firmware that could be leveraged to cause further mischief.

"Our goal was to acquire access to a device, make a small change, release it back to IBM for reclamation, and then reacquire the same device from a different user account to see if our changes survived the reclamation process," the Eclypsium team explained on Tuesday. "In our initial investigation, we identified a particular SoftLayer data...
(Excerpt) Read more at: www.theregister.co.uk