Flip Feng Shui attack on cloud VMs exploits hardware weaknesses

Security researchers VUSec, of the  Systems and Network Security Group at VU Amsterdam, have revealed an attack that changes bits in the memory page of a VM running on the same host where an attacker is also running a VM.

Flip Feng Shui, as the attack has been dubbed (FFS for short), exploits behaviors in memory deduplication functions and leverages a previously documented memory-altering vulnerability called Rowhammer, unveiled by Google’s Project Zero research team.

To read this article in full or to leave a comment, please click here

from InfoWorld Cloud Computing http://ift.tt/2aKpx9K