logo

Breaking Managed Data Services in the Cloud

Conference:  Black Hat Asia 2023

2023-05-12

Authors:   Yoav Alon, Tzah Pahima, Yanir Tsarimi


Abstract

Cloud is the new operating system of the internet – almost all companies use the cloud to host workloads and data. While there are many talks about how to configure and maintain secure public cloud environments, there's little security research into the core cloud infrastructure, and vulnerabilities in core services could have a big impact on customers.This is the story of how our research led to two major discoveries, crossing tenant boundaries in two services in the biggest cloud vendors. We researched two data integration services, where our exploits allowed us to obtain credentials to other customer accounts and run code on remote machines.We're here to discuss new types of cloud provider service vulnerabilities, the anatomy, the implications - how simple vulnerabilities can lead to great impact, and yet how it still is beneficial to be a cloud customer.

Materials: