Real threats to virtual machines
Thursday, April 4, 2019
Here is the message that appeared one morning in our virtual machine just after we’d started it up. The machine was used for all sorts of experiments, so the anti-virus software on it was regularly disabled, reinstalled, etc. All in all, its security wasn't particularly robust. No malware was intentionally downloaded or installed on the machine. Only the browser was occasionally launched while the anti-virus or some of its components were disabled. But, as you see, that proved to be enough.
Users pay little attention to virtual machine security because many people believe that even if a machine gets infected, nothing bad will happen. In the worst-case scenario, they'll have to delete the infected system image and create a new one.
One can say with a high degree of probability that even the most fiendish malware in a guest VM will stay within its bounds after its nefarious work is complete.
The guest operating system has no access to the host system and is never fully aware of the fact that it is being run as a virtual machine client. The risk of infection exists only if the host and the guest VM communicate directly, that is, when they exchange files and folders.
So people assume that if the host and the guest VM do not use a shared folder and don't exchange data any other way, they are perfectly safe.
Alas, this is not true.
Day 2 results have been published for the Pwn2Own 2019 competition.
Researchers demonstrated working exploits for previously unknown vulnerabilities.
- VirtualBox: integer overflow and race condition enabled them to escape the guest VM and execute code in the host system;
- VirtualBox: another integer overflow bug was used to gain access to the underlying operating system;
- VMware Workstation: race condition and buffer overflow bugs were exploited in the VMware client to run code in the host operating system.
A researcher leveraged a JIT renderer vulnerability to hack into the Chromium-based browser of the Tesla Model 3.
This means that an attacker can compromise a guest VM and run code in the host system maintaining the virtual machine.
The Anti-virus Times recommends
Of course, few malicious programs can exploit vulnerabilities in guest VMs to attack a host operating system. Finding loopholes and creating exploits requires considerable skill. However, threats of this kind do exist and can be used to mount successful attacks—all the more so because users don't like to install updates and, thus, keep loopholes unpatched. Therefore, an anti-virus must be up and running on “both sides of the fence”—on the guest VM and in the host operating system.