Skip to main content

Researchers compromise bare-metal cloud servers

Image Credit: Pexels (Image credit: Image Credit: Manuel Geissinger / Pexels)
Audio player loading…

A new report from the hardware security firm Eclypsium has revealed that hackers can corrupt the firmware of bare-metal cloud servers so that they can regain access to the servers after they've been released and reassigned to other customers.

A bare-metal server is a physical server that is rented to one customer at a time and many companies in the cloud services industry offer these servers to their customers because of their flexibility and security benefits. Once a customer is finished with the server, it is released back to the cloud company and the provider wipes the server of any customer data so that it can make it available to others.

However, in its latest experiment, Eclypsium discovered that cloud service providers are not doing enough when it comes to properly wiping base-metal servers.

The team was successfully able to make modifications to a server's baseboard management controller (BMC) firmware which a potential attacker could use to access a server after it was wiped and reassigned to another customer.

Bare-metal cloud server security

Last year, researchers from Eclypsium discovered vulnerabilities in the BMC firmware of Super Micro motherboards and they used this knowledge to exploit IBM's SoftLayer cloud service which uses Super Micro hardware.

The company explained why it chose IBM SoftLayer for its experiment, saying:

“We originally chose SoftLayer for our testing environment because of its simplified logistics and access to hardware but noticed SoftLayer was using SuperMicro server hardware that based on our previous research we knew were vulnerable. It should be noted that SoftLayer uses other hardware vendors in addition to SuperMicro, and SuperMicro devices are used by many other service providers."

Eclypsium called its successful test Cloudborne and the company's research team was able to update a rented bare-metal server's BMC firmware with one they had prepared in advance which contained just one single bit flip so that they could recognize it at a later point. However, an attacker could add malicious code to the BMC firmware opening a server up to backdoor accounts.

IBM responded to Eclypsium's research in a blog post in which it detailed how it had reconfigured its cloud service to reflash all BMC firmware to factory settings and erase all logs and generate new passwords for each client.

Via ZDNet

After getting his start at ITProPortal while living in South Korea, Anthony now writes about cybersecurity, web hosting, cloud services, VPNs and software for TechRadar Pro. In addition to writing the news, he also edits and uploads reviews and features and tests numerous VPNs from his home in Houston, Texas. Recently, Anthony has taken a closer look at standing desks, office chairs and all sorts of other work from home essentials. When not working, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.