Image Image Image Image Image Image Image Image Image Image

BizCloud® Network | November 26, 2015

Scroll to top



Security Researchers Identify Flaws in Amazon Web Services

Security Researchers Identify Flaws in Amazon Web Services

Security Researchers Identify Flaws in Amazon Web Services

Amazon Web Services and its Elastic Compute Cloud (commonly referred to as EC2) have received a significant amount of credit in recent years for their ability to enable small Internet start-ups to host sophisticated web applications.  Known for bold promises of 99.95% server availability, EC2 was once considered nigh invincible.  However, well-publicized crashes and issues with downtime in both April and August have forced Amazon to face a startling reality: No cloud company can rest on its laurels, and cloud computing consumers are constantly requiring additional resources and increased performance.

In the face of ongoing Amazon Web Services stability and reliability concerns, researchers from France’s Eurecom, a respected European technology graduate school, have issued a report on a series of security and privacy holes in the thousands of virtual machine images Amazon offers for AWS and EC2 client rental.

To conduct their study, security researchers randomly chose 5,000 virtual machines from those that Amazon Web Services offers.  The virtual machines (or VMs) come preloaded with both Windows and Linux based servers and offer a wide variety of commonly used web hosting and web app related software packages.  AWS markets their servers as being “web ready,” suggesting that clients do not need to concern themselves with setting up basic software frameworks, such as PHP, MySQL, or Apache.

After renting each VM for a short period of time, researchers configured a series of automated scans intended to search and assess the machines for known software vulnerabilities and exploits, common malware and other types of infections, and possible privacy holes.  After the individual scans finished, researchers manually scrutinized and confirmed the results.

Researchers also examined the user account structure, saved administrative credentials on each machine, and conducted data recovery scans on over a thousand randomly selected virtual machines in an attempt to gauge the effectiveness of Amazon’s data management procedures.

Their findings should alarm both industry experts and potential Amazon Web Services clients:

  • A startling 98% of Windows virtual machines and 58% of Linux based ones came pre-installed with un-patched, un-updated software with known security exploits.  Researchers noted that most compromised machines did not contain only one or two vulnerabilities.  Windows VMs averaged 46 software vulnerabilities per machine, with Linux ones averaging 11.
  • Over one fifth of all AWS virtual machines had out-dated administrator accounts or saved administrative credentials still present on them upon having control passed over to AWS/EC2 clients.  While some of those accounts belonged to AWS administrators (whose accounts still should have been removed according to AWS policy), many of them were attributed to third party vendors.
  • Serious malware threats were identified on two of the machines.  After automated scans flagged potential infections, researchers manually confirmed Trojans that opened up potential remote exploits on two AWS virtual machines.  Researchers used freely available ClamAV software for the automated scanning portion of their investigation, which leaves open the possibility that more serious, targeted infections are present on some Amazon virtual machines.
  • Both Amazon Web Service administrators and AWS clients appeared to rarely follow data management best practices.  Researchers were able to successfully perform data recovery scans and recover deleted user files on 98% of Amazon Web Services virtual machines.

Eurecom’s findings were preceded by similar ones from a group of German researchers out of the Ruhr-University Bochum. In a separate October report, security researchers found that AWS was vulnerable to both cross site scripting and signature wrapping attacks (both popular exploits among Internet hackers).  Researchers were able to use these exploits to gain full administrative control of a variety of AWS virtual machines.  Amazon now claims that the identified security holes have been completed patched.





  1. I think this is a real great article.Really thank you! Much obliged.

  2. Thanks a lot for the post.Much thanks again. Much obliged.

  3. Im grateful for the post. Will read on…

Submit a Comment

2 + 5 =

Facebook IconYouTube IconTwitter IconBizCloud on LinkedInBizCloud on LinkedIn
More in Cloud Computing (404 of 889 articles)

PowerDNN, the worlds largest DotNetNuke hosting provider, and a platinum sponsor of the DotNetNuke Worldconference, has announced the immediate release of the ...