Flip Feng Shui attack: Researchers demonstrate new attack on virtual servers (POC VIDEO INCLUDED)

Researchers at the Free University of Amsterdam and the Catholic University of Leuven demonstrated a new attack on virtual servers during a security conference in the United States.. The attack is called Flip Feng Shui attack and it allows an attacker to navigate through virtual machines, allowing the attacker to change the memory of other virtual machines.

Virtualization servers often run multiple virtual machines, these virtual machines can have all types of roles, for example one virtual machine can act as an web server. The Flip Feng Shui attack allows the attacker to manipulate the behavior of other virtual machines that are hosted on the same virtualization server. For example, the attack would allow the theft of encryption keys and those keys can be used to perform further attacks.

The Flip Feng Shui consists out of 3 phases, in the first phase, the attackers will exploit the Rowhammer vulnerability, once the Rowhammer vulnerability has been exploited, the attacker will use the next two phases to manipulate the memory.

You can view the full demonstration in the video below

Source