Application isolation and virtualization provide a false sense of cybersecurity

guest · Jan 21, 2020

Application isolation and virtualization provide a false sense of cybersecurity
January 21, 2020
https://www.scmagazine.com/home/opi...ation-provide-a-false-sense-of-cybersecurity/

A recently discovered critical vulnerability presents yet another case study for the shortcomings of the isolation/virtual machine model for cybersecurity.

The vulnerability, CVE-2019-14378, has a severity of 8.8, and was first published in the National Vulnerability Database on July 29th, 2019. The vulnerability affects QEMU, the popular open source machine emulator and virtualizer.
But what happens when a vulnerability allows a hacker to break out from one hypervisor and execute code on the host computer itself?

This is the case with CVE-2019-14378, which can allow a malicious actor to run malware on the host computer from a virtual machine. The flaw could allow hackers to carry out “virtual machine escape,” [...]
Click to expand...

In sum, C/C++ code is everywhere, and security architectures can still be vulnerable to hacks that target C/C++ hypervisors like QEMU, even if they don’t use C/C++ code.
The QEMU vulnerability is by no means the first example of how virtual machines can be hacked. There are many examples related to open source components (ex. Linux KVM) and proprietary ones.
Click to expand...

Mitigation: Using Runtime Integrity
While hypervisors and virtual machines can be an effective line of defense, they are useless if their proper functionality and integrity is not guarded during runtime. For that reason, standards such as NIST 800-53 and ANSI/ISA‑62443 specify integrity requirements. One key method to achieve that is by adding Embedded Runtime Integrity controls, which in this case will do exactly that – ensure the isolation and separation work as intended.
Click to expand...

mirimir · Jan 21, 2020

Yeah, if I really care about isolation, it's on a different machine, which is on a different LAN.

shmu26 · Jan 22, 2020

So they found a vulnerability in QEMU. Buy them a beer. In what way does that justify the click-bait title of the article, which implies that isolation and virtualization is inherently vulnerable?

reasonablePrivacy · Jan 22, 2020

shmu26 said: ↑

So they found a vulnerability in QEMU. Buy them a beer. In what way does that justify the click-bait title of the article, which implies that isolation and virtualization is inherently vulnerable?
Click to expand...

The QEMU vulnerability is by no means the first example of how virtual machines can be hacked. There are many examples related to open source components (ex. Linux KVM) and proprietary ones.
Click to expand...

I think they are talking about high-value targets, because usually malware that average Joe Doe may be a victim of don't have any 0-day exploits.

shmu26 · Jan 22, 2020

reasonablePrivacy said: ↑

I think they are talking about high-value targets, because usually malware that average Joe Doe may be a victim of don't have any 0-day exploits.
Click to expand...

Yes, that makes sense.

Rasheed187 · Jan 25, 2020

shmu26 said: ↑

So they found a vulnerability in QEMU. Buy them a beer. In what way does that justify the click-bait title of the article, which implies that isolation and virtualization is inherently vulnerable?
Click to expand...

Exactly my thoughts. It's just like saying that AV's give a false sense of security because they can't block all malware. Nothing is bulletproof, but if used correctly, app virtualization can be quite secure. Think of Sandboxie for example.

Log in or Sign up

Application isolation and virtualization provide a false sense of cybersecurity

guest Guest

mirimir Registered Member

shmu26 Registered Member

reasonablePrivacy Registered Member

shmu26 Registered Member

Rasheed187 Registered Member

Log in or Sign up

Application isolation and virtualization provide a false sense of cybersecurity

guest Guest

mirimir Registered Member

shmu26 Registered Member

reasonablePrivacy Registered Member

shmu26 Registered Member

Rasheed187 Registered Member

Useful Searches