Q
Problem solve Get help with specific problems with your technologies, process and projects.

How can enterprises stop the Flip Feng Shui exploit from hijacking VMs?

The Flip Feng Shui attack can target virtual machines. Expert Judith Myerson explains the exploit and describes how to prevent it from hijacking enterprise VMs.

My company has been moving enterprise systems to virtual machines. Can you tell me how we can prevent the Flip...

Feng Shui attack from hijacking our virtual machines?

Flip Feng Shui is a bit flipping exploit. An attacker uses it to hijack a virtual machine.

Hijacking is made possible by flipping a bit in cryptographic software residing in the targeted virtual machine. This makes it easier for the attacker to weaken and bypass the software.

Attacking a virtual machine with Flip Feng Shui is a two-step process. As the researchers at the Vrije Universiteit Amsterdam have found, the first step is to abuse Linux's memory deduplication in one virtual machine in order to gain control of another virtual machine. Memory deduplication is an OS feature widely used in cloud production that allows anyone to reverse a physical page into a virtual page.

The second step in a Flip Feng Shui attack is to exploit the Rowhammer bug to flip a single bit on the target page that contains any software from the victim virtual machine. This includes OpenSSH public keys, Debian and Ubuntu update URLs, and trusted public keys.

Once it is weakened or rendered useless, the victim virtual machine opens its door wide to the hijackers.

To defend a virtual machine against the Flip Feng Shui attack, you must disable memory deduplication, and then quickly move on to extensive Rowhammer testing of the dynamic RAM chip to make sure the bit doesn't flip.

You should also consider a newer protection known as directed row refresh that has been implemented in certain types of DDR4 RAM chips. DDR4 is short for double data rate fourth-generation, and it offers a wider range of clock speeds, lower power consumption and reduced latency than its predecessors.

As an additional layer of defense, you should consider checking sensitive information for integrity to make sure the information does not contain a flip bit.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Learn how to mitigate the bit flipping flaw caused by Rowhammer exploits

Find out how the Flip Feng Shui technique undermines cloud security

Discover whether Microsoft Edge users are at risk of a Rowhammer exploit

This was last published in April 2017

Dig Deeper on Virtualization security issues and threats

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What has been your experience with the Flip Feng Shui exploit?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close