Hypervisor Wiretap Feature
Hello everybody,

Bitdefender recently discovered a real-time technique that can decrypt encrypted communications while leaving no footprint that could be traced by anyone except extremely careful security auditors.

This technique, developed for research purposes, has been dubbed TeLeScope. It proves that a third party can eavesdrop on communications encrypted with the Transport Layer Security (TLS) protocol between an end user and a virtualised instance of a server.

This attack allows a malicious cloud provider to uncover the TLS keys used to encrypt communication sessions between virtualised servers and customers. This means that CIOs who outsource their virtualised infrastructure to a third-party vendor should be aware of the possibility of decryption and exposure of the information flowing between the business and its customers.

Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, said: “There is no telling whether communications have been compromised and for how long this has been happening because this approach does not leave any anomalous forensic evidence behind… Banks and companies that are dealing with either intellectual property or personal information, as well as government institutions, are the sectors that could be highly affected by this flaw.”

The TeLeScope technique can be carried out only in virtualised environments that run on top of a hypervisor, as it relies on extracting the TLS keys at the hypervisor level by clever memory probing. This type of infrastructure is quite popular and is used by major companies such as Amazon and Google.

Bogdan Botezatu added that upon discovering the flaw, they decided to publicly disclose it in detail, as the social, economic and political stakes of passive traffic monitoring in virtualised environments are overwhelming.

Always beware of what might happen to your data!

Source: Akati