Research team presents Flip Feng Shui attack method at Usenix Security Symposium 2016
Researchers of the Vrije Universiteit Amsterdam and the Katholieke Universteit Leuven discovered a new attack method, known as Flip Feng Shui. This is the first attack method that enables an attacker to change the contents of the memory of another virtual server. In this way, he can directly attack the virtual server. Previously discovered attack methods, so-called side channels, aim to eavesdrop on a virtual server on the same host, and gain access to confidential information. On August the 10th, the researchers present their results at the USENIX Security Symposium 2016.
The research team has informed the NCSC, prior to their presentation, about
the results of their research based on responsible disclosure.
Being a coordinating authority in the field of cyber security, the NCSC has informed national and international parties so that they can take preventative action .
The researchers present their findings on the USENIX Security Symposium 2016. Their slides and research report are available on https://www.vusec.net/projects/flip-feng-shui/.
The NCSC published a factsheet targeted at information security professionals, administrators and architects of organisations that purchase or internally use virtualised services (such as cloud servers) via: "Factsheet Use virtualisation wisely" (English) and "Factsheet Virtualiseer met verstand" (Dutch).
Also available is an extensive 'question and answer' on the Flip Feng Shui attack method, including perspective for action for owners of hosts on: "Flip Feng Shui attack method: question and answer" (English) and "Flip Feng Shui-aanvalstechniek: vraag en antwoord" (Dutch).