Skip Links

Report: Some cloud providers have "dirty disks"

Rackspace, VPS.net say they have resolved vulnerability

By , Network World
April 26, 2012 04:08 PM ET

Network World - A forensic IT study by a U.K. security consultancy found that some multi-tenant public cloud providers have "dirty disks" that are not fully wiped clean after each use by a customer, leaving potentially sensitive data exposed to other users.

Last year, officials at Context Information Security conducted a study to determine if they could access data from other customers within public cloud environments of four providers. "We were quite surprised," says Michael Jordan, research and development manager at Context. "Using a pretty straightforward test we were able to view data that had been there a pretty long time."

RELATED: Do you know where your cloud data is? 

DO IT YOURSELF: How to hack your own Wi-Fi network 

Context officials, who conducted the study with the permission of the cloud providers, performed a series of disk analysis tests on virtual machines running in the public clouds. The theory was that if the hypervisor is not architected to clear storage disks after each use by a customer, the data can remain on the disk and be accessed by subsequent users. Sure enough, when Context researchers prompted the virtual machines to read the raw data on the disk, they found remnants of previous customers' data.

In one test Context researchers found references to applications that had previously been installed on the disk, while in other cases they found more potentially sensitive data, such as fragments of a website's customer database and logs showing where the data came from. "The remnant data was randomly distributed and would not allow a malicious user to target a specific customer," Context officials wrote in a report describing their testing. "A malicious user who discovered the vulnerability could, however, exploit it to harvest whatever unencrypted data he came across: e.g. personal information, credit cards or credentials."

Context officials tested cloud service providers Amazon Web Services, Rackspace, VPS.net and Gigenet and found that Rackspace and VPS.net had the vulnerability. Rackspace worked with Context for more than a year to update its system and said it has "fully resolved" the vulnerability and notes that it knows of no customer data being breached. "We have ensured that all data is wiped effectively whenever disk space moves from one customer to the next. And we have cleaned up all fragments of remnant data," a statement from Rackspace reads. VPS.net notified Context that it had patched its system, but provided no additional details. The company did not respond to request for comment from Network World.

VPS.net uses technology from OnApp to run its cloud platform, and officials with that company say after they were alerted of the issue by VPS.net they created a patch that cloud service providers can choose to install that will automatically zero out all disks after use by a customer. Carlos Rego, chief visionary officer for OnApp, says he has not tracked how many of the company's service provider customers have installed the add-on functionality.

Our Commenting Policies
Cloud computing disrupts the vendor landscape

 

Latest News
rssRss Feed
View more Latest News