The question is asked by Senior Reporter from Forbes Andy Greenberg, who attended the security industry’s big annual confab, the RSA Conference, and wrote up an article aptly titled ‘Virtualization Dark’s Side’. He writes:
“In the past few months, security researchers have revealed bugs in practically every piece of virtualization software, including products from virtualization heavyweights VMware and Microsoft.
Exploiting those bugs, attackers can use what researchers call “virtual machine escape,” or “hyperjacking.” By taking control of the hypervisor, the piece of software that controls all the virtual computers within a machine, an attacker can “escape” from any single virtual computer hosted on the machine and quickly multiply his or her access to a company’s data.”
Virtualization security researchers and experts were quick to point out the weaknesses of virtualization and several techniques to breach the security.
Joanna Rutkowska, the founder of security research firm Invisible Things Lab, reportedly described a new type of virtualization-based malware that could be used to take control of a machine running virtualization software. Because virtualization allows companies to store many virtualized software “images” of computers on a single physical machine, an attack like the one Rutkowska envisions would allow a hacker “not only to control a single machine but to siphon data from any virtual machine it contains”.
Rutkowska also described how an intruder could install what she calls a “blue pill,” a second, malicious hypervisor that controls the original hypervisor and all of the virtual machines beneath it.
Fortunately, she also said that the attacks she discussed are likely too new to have ever been used by real-world cybercriminals, and are unlikely to become common.
What do you think?
I wouldn’t be losing much sleep at this point. Some good background on blue pill:
http://x86vmm.blogspot.com/2007/07/bluepill-detection-in-two-easy-steps.html
http://www.virtualization.info/2006/08/debunking-blue-pill-myth.html