Security researchers at Bitdefender have described a technique that affects organizations running workloads in the public cloud. The group calls it 'TeLeScope'. It works from outside the guest (an "out of guest" approach), at the hypervisor level, rather than through any code running inside the virtual machine. Bitdefender researcher Radu Caragea presented it at the Hack in the Box Amsterdam conference last month.
The researchers showed that the technique lets a third party with control of the hypervisor eavesdrop on communications that are encrypted with the Transport Layer Security (TLS) protocol. Bitdefender notes that TeLeScope is only viable in virtualized environments, that is, where the target system runs on top of a hypervisor.
This matters because the largest cloud providers, including Amazon, Google, Microsoft and DigitalOcean, run customer workloads on exactly this kind of infrastructure.
Bitdefender also noted that other sectors, such as banks, companies holding intellectual property or personal data, and government institutions, could be affected. Caragea said that the existing methods for obtaining this kind of information required modifications inside the guest, and all of them were therefore detectable from within the guest, for instance by malware running there.
By reading the data from outside the guest instead, the researchers avoided those drawbacks: the approach reproduces what in-guest memory introspection achieves while leaving the guest untouched.
TeLeScope combines several methods to stay undetectable from inside the guest, and it is both operating-system and crypto-library agnostic. In a statement, Bitdefender said that any company that outsources its virtual infrastructure to a third-party vendor should assume that all information in transit between it and its users may already have been decrypted, and may have been readable for an unknown length of time.
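The "assume it has already been decrypted" warning rests on a property of TLS that is worth seeing concretely. The Python below is an added illustration, not Bitdefender's tool and not code from the talk: it shows that key material a TLS 1.2 endpoint must hold in memory (the 48-byte master secret), combined with the two random values that ClientHello and ServerHello send in the clear, is all an observer needs to derive the record-layer keys (RFC 5246, SHA-256 PRF). The handshake values are constructed, the key sizes assumed are those of TLS_RSA_WITH_AES_128_CBC_SHA256, and the output line is in the key-log format that Wireshark reads.

```python
"""Added illustration (not Bitdefender's tool): a TLS 1.2 master secret read
from guest memory plus the randoms sniffed from the wire yields the record keys.

Follows RFC 5246 (TLS 1.2) with the SHA-256 PRF. All sample values are constructed."""
import hashlib
import hmac
import os


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed                                # A(0) = seed
    while len(out) < length:
        a = hmac_sha256(secret, a)          # A(i) = HMAC(secret, A(i-1))
        out += hmac_sha256(secret, a + seed)  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: the master secret is always 48 bytes."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int = 32, key_len: int = 16, iv_len: int = 16) -> dict:
    """RFC 5246 section 6.3. Defaults assume TLS_RSA_WITH_AES_128_CBC_SHA256.
    Note the seed order here: server_random first, then client_random."""
    total = 2 * (mac_len + key_len + iv_len)
    blk = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_write_mac_key", "server_write_mac_key",
             "client_write_key", "server_write_key",
             "client_write_iv", "server_write_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, off = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = blk[off:off + size]
        off += size
    return keys


def keylog_line(client_random: bytes, master: bytes) -> str:
    """NSS/Wireshark key-log format: one line per session, hex-encoded."""
    return f"CLIENT_RANDOM {client_random.hex()} {master.hex()}"


def observer_view(master_from_memory: bytes, client_random: bytes, server_random: bytes):
    """What an out-of-guest observer can compute: it never sees the pre-master
    secret, only the 48 bytes lifted from memory and the wire-visible randoms."""
    return key_block(master_from_memory, client_random, server_random), \
        keylog_line(client_random, master_from_memory)


if __name__ == "__main__":
    # Constructed handshake values standing in for one session.
    client_random = bytes(range(32))           # sent in the clear in ClientHello
    server_random = bytes(range(32, 64))       # sent in the clear in ServerHello
    pre_master = b"\x03\x03" + os.urandom(46)  # RSA key exchange: endpoints only

    # Endpoint side: the master secret is derived and must live in guest memory.
    ms_in_guest_memory = master_secret(pre_master, client_random, server_random)
    endpoint_keys = key_block(ms_in_guest_memory, client_random, server_random)

    # Observer side: same keys without ever learning the pre-master secret.
    observer_keys, line = observer_view(ms_in_guest_memory, client_random, server_random)
    print(line)
    print("observer derived identical record keys:", observer_keys == endpoint_keys)
```

Feeding the printed line to Wireshark (TLS protocol preference "(Pre)-Master-Secret log filename") decrypts a capture of that session, which is the practical form of the warning in the statement. TLS 1.3 replaces this key schedule with HKDF but does not change the premise: the traffic secrets still have to exist in the guest's memory, where the hypervisor can read them.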
Unfortunately, there is no easy fix at the moment. The root of the problem is that session keys must exist in plaintext in guest memory at some point, and the hypervisor can read all of guest memory; closing the gap would require cryptographic libraries to be rewritten to keep that key material out of reach. Bitdefender's view is that the most effective countermeasure is to deny attackers access to the hypervisor, which in practice means running workloads on hardware in one's own private infrastructure, a step many companies will not want to take.