Researchers steal secret RSA encryption keys in Amazon’s cloud
As thousands of cloud fanatics descend on Las Vegas this week for Amazon Web Service’s re:Invent conference, researchers in Massachusetts are raising new questions about the security of all multi-tenant cloud environments.
A group of professors at Worcester Polytechnic Institute demonstrated in a recently published paper named “Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud,” a proof of concept hack of secret cryptography keys used in an AWS virtual machine. The now-patched flaw – which was not specific to AWS — showed that a hacker could theoretically gain a user’s secret keys that are used to encrypt sensitive data.