
whoAMI Name Confusion Attacks Can Expose AWS Accounts to Malicious Code Execution

Datadog Security Labs researchers developed a new name confusion attack technique known as whoAMI, which allows threat actors to execute arbitrary code within an Amazon Web Services (AWS) account by uploading an Amazon Machine Image (AMI) with a specified name. 

The researchers warn that, at scale, this attack can impact thousands of AWS accounts, with approximately 1% of organisations believed to be vulnerable. An Amazon Machine Image (AMI) is a virtual machine image used to launch Elastic Compute Cloud (EC2) instances. Users can look up the latest version of an AMI through the AWS API or reference it directly by ID.

Datadog Security Labs noted that anyone can publish an AMI to the Community AMI catalogue; a user searching the catalogue can specify the owner attribute to make sure the AMI ID returned belongs to an official publisher rather than a malicious actor.

When searching for AMIs, the owner attribute helps ensure that results come from verified sources such as Amazon or trusted providers. If the owners filter is omitted from an AMI search, an attacker can publish a malicious AMI with a recent creation date so that it becomes the first result in automated queries. The attack succeeds when a victim uses the name filter without the owner, owner-alias, or owner-id criteria and selects the most recently created image.

“To exploit this configuration, an attacker can create a malicious AMI with a name that matches the above pattern and that is newer than any other AMIs that also match the pattern. The attacker can then either make the AMI public or privately share it with the targeted AWS account,” reads the advisory published by the company.

The researchers published a video proof-of-concept of the attack, using an AMI with a C2 backdoor preinstalled (attacker AWS Account ID: 864899841852, victim AWS Account ID: 438465165216).

“This research demonstrated the existence and potential impact of a name confusion attack targeting AWS’s community AMI catalog. Though the vulnerable components fall on the customer side of the shared responsibility model, there are now controls in place to help you prevent and/or detect this vulnerability in your environments and code,” the report concluded. “Since we initially shared our findings with AWS, they have released Allowed AMIs, an excellent new guardrail that can be used by all AWS customers to prevent the whoAMI attack from succeeding, and we strongly encourage adoption of this control. This is really great work by the EC2 team!” 

As of November last year, HashiCorp had addressed the issue in terraform-aws-provider 5.77, which now warns when "most_recent=true" is used without an owner filter; this warning will become an error in version 6.0.
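To make the vulnerable lookup concrete, here is an added Python example (not code from the Datadog report or this article) that simulates a name-filtered AMI search with most-recent selection over a constructed image catalogue, first without and then with an owner allowlist. The image records, names, account IDs and the `TRUSTED_OWNERS` allowlist are all assumptions.

```python
from datetime import datetime
from fnmatch import fnmatch

# Hypothetical owner allowlist (alias or account ID); both values are placeholders.
TRUSTED_OWNERS = {"amazon", "123456789012"}

# Constructed sample catalogue shaped like DescribeImages "Images" entries: two
# images from the trusted publisher and one lookalike from an untrusted account
# whose CreationDate is newer than every trusted image.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaaaaaaaaaaaaaa1", "Name": "base-ami-2.0.20240101-x86_64",
     "OwnerId": "123456789012", "ImageOwnerAlias": "amazon",
     "CreationDate": "2024-01-01T00:00:00.000Z"},
    {"ImageId": "ami-0aaaaaaaaaaaaaaa2", "Name": "base-ami-2.0.20240601-x86_64",
     "OwnerId": "123456789012", "ImageOwnerAlias": "amazon",
     "CreationDate": "2024-06-01T00:00:00.000Z"},
    {"ImageId": "ami-0bbbbbbbbbbbbbbb1", "Name": "base-ami-2.0.20240701-x86_64",
     "OwnerId": "111111111111", "ImageOwnerAlias": None,
     "CreationDate": "2024-07-01T00:00:00.000Z"},
]

def _created(image):
    return datetime.strptime(image["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ")

def _owned_by(image, owners):
    return image["OwnerId"] in owners or image.get("ImageOwnerAlias") in owners

def newest_by_name(images, name_pattern, owners=None):
    """Mimic a name-filtered DescribeImages followed by most-recent selection.
    owners=None is the vulnerable pattern: any publisher's image can win.
    With an owner allowlist only trusted publishers are considered."""
    candidates = [img for img in images if fnmatch(img["Name"], name_pattern)]
    if owners is not None:
        candidates = [img for img in candidates if _owned_by(img, owners)]
    return max(candidates, key=_created, default=None)

def audit_lookup(images, name_pattern, owners):
    """Report whether an owner-less lookup would resolve to an image outside the
    allowlist, i.e. whether this lookup is exposed to name confusion, and which
    image the owner-restricted lookup returns instead."""
    unrestricted = newest_by_name(images, name_pattern)
    restricted = newest_by_name(images, name_pattern, owners)
    return {
        "unrestricted": unrestricted["ImageId"] if unrestricted else None,
        "restricted": restricted["ImageId"] if restricted else None,
        "exposed": unrestricted is not None and not _owned_by(unrestricted, owners),
    }

if __name__ == "__main__":
    print(audit_lookup(SAMPLE_IMAGES, "base-ami-*-x86_64", TRUSTED_OWNERS))
```

Running it shows the owner-less lookup resolving to the untrusted lookalike while the owner-restricted lookup returns the newest trusted image.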

More than 17,000 Domains Infected with Card-Stealing Code

Cybercriminals running Magecart operations have added payment card skimming code to more than 17,000 domains by modifying JavaScript files hosted in misconfigured Amazon S3 buckets.

The attackers exploited the lack of access control on Amazon's cloud storage service and compromised over 17,000 domains through automated attacks that modified JavaScript files indiscriminately, without checking whether the code would ever load on a payment page.

The compromise was part of Magecart operations that began in April; the attackers injected payment card skimming code into JavaScript files hosted in poorly configured Amazon S3 buckets that granted write permission to anyone who found them, affecting a large number of domains.

According to the security researchers at RiskIQ, the discovery of these S3 buckets had been automated by the authors of the campaign.

According to Yonathan Klijnsma, RiskIQ's head of threat research, "Once the attackers find a misconfigured bucket, they scan it for any JavaScript file (ending in .js). They then download these JavaScript files, append their skimming code to the bottom, and overwrite the script on the bucket."

"Even if your bucket has information that anyone can access, it does not mean everyone should be able to modify the content," he added.

The failure of many websites using Amazon's cloud storage to restrict write access to their assets was a major factor in the Magecart campaign achieving its objectives.