Is Virtual Machine Really Safe?
Many of us assume that virtual machines (VMs) are safe because everything is packaged in a “box” that is separate from the physical “host”. However, a vulnerability discovered by security researcher Jason Geffner can make a VM less secure than you think: attackers can take advantage of it to break out of the VM and gain access to the host system or to other VMs running on the same host.
This vulnerability is called VENOM, which stands for Virtualized Environment Neglected Operations Manipulation. Affected platforms include Xen, KVM, VirtualBox, and QEMU. Fortunately, VMware, Microsoft Hyper-V, and Bochs are not affected.
After getting into the virtual server, an attacker using VENOM can compromise other VMs and then reach the server’s network, gaining access to login information, private data, and other sensitive data outside the VM. VENOM does not interfere with the source code of the virtualization software, meaning it does not need to know what operating system the server is running, but the attacker needs the highest privileges (root) on the VM’s operating system.
Although there have been no serious incidents related to the VENOM vulnerability yet, it has caused much concern in the software development world. Previously, VM security flaws were usually found only in non-default configurations of virtualization software, which are rarely used in practice, and each flaw affected only a single virtualization platform. VENOM can therefore be considered unique so far: it affects many platforms, impacts their default configuration, and allows attackers to run malicious code directly from the compromised system.
And if we think that VENOM’s target, the virtual floppy disk, is an outdated device that nobody uses today and so does not matter, we’re wrong. Many virtualization platforms nowadays include virtual hard disks by default, and in some cases, even when virtual disks are turned off, there is still a bug that allows the attacker to re-enable the virtual floppy. The virtual Floppy Disk Controller was the first module to be added to QEMU’s source code in 2004.
After discovering the bug, Geffner informed the companies concerned about the bug and its fixes. CrowdStrike has officially announced VENOM. If your VMs run on an affected platform, make sure you are up to date with the latest version of the virtualization software, especially if you use Xen, KVM, or QEMU.