IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Bare metal flaw allows hackers to put backdoors into cloud servers

Cloudbourne exploit could enable hackers to attack any client on cloud-based servers

Cloud security

A new flaw has been discovered by security researchers that could enable hackers to install backdoors on the firmware of bare-metal cloud servers that stay active even when the customer using the hardware has been re-assigned elsewhere.

Called "Cloudbourne", the vulnerability was first discovered by researchers at the Eclypsium Research Team, who detailed their findings in a blog post. They found that hackers could plant backdoors and malware in the firmware of a server, or in its baseboard management controller (BMC), with relative ease.

These BMCs enable remote management of a server for initial provisioning, operating system reinstall and troubleshooting. Cloudborne exploits a flaw in the hardware's reclamation process when moving clients on and off a bare metal server.

While physical servers are dedicated to one customer at a time, they don't stay that way forever," said researchers. "Servers are provisioned and reclaimed over time and naturally move from customer to customer."

The firmware of the hardware is not reflashed in the reclamation process, allowing backdoors to persist. A hacker uses a known vulnerability in Supermicro hardware to rewrite the BMC and gain direct access to the hardware.

Researchers said that hackers "could spend a nominal sum of money for access to a server, implant malicious firmware at the UEFI, BMC, or even component level, such as in drives or network adapters. Then the attacker could release the hardware back to the service provider, which could put it back into use with another customer."

They added that given a BMC's ability to control the server, any compromises to that firmware can provide access to powerful tools for an attacker to exploit.

"Given the nature of the applications and data hosted on bare-metal offerings, this opens up the possibility for high-impact attack scenarios," they said.

These scenarios include application disruption, where a malicious implant at the BMC level could permanently disable a server; data theft, as it provides attackers with another very low-level way of stealing or intercepting data; and ransomware attacks, as attackers would naturally have the ability to take hold of valuable assets.

The backdoor could also compromise other parts of cloud infrastructure. For example, hackers could send malicious IPMI commands over system interfaces from the host without the commands being authenticated.

"Since there is no authentication performed when using system interfaces, the only barrier to running arbitrary code within the BMC is whether the BMC itself performs cryptographically secure signature verification of the firmware update image before applying the update. Unfortunately, not all BMCs perform this check, and even when they do, malware can exploit vulnerabilities in the BMC firmware to bypass it," noted researchers.

Researchers said that as firmware underlies even the host operating system and the virtualization layers of a server, any implants would naturally be able to subvert any controls and security measures running at these higher layers.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022