Internet privacy and security course
Aa font
AA font size
20
About translation
Previous Next

Chapter 31

The flaws of virtual machines. How hackers break out of a virtual environment.

Many of you already use a virtual machine for a safer method of working, running suspicious files, documents, websites. Virtual isolation is a great protection tool but far from ideal. This chapter reveals how hackers and intelligence agencies break through the virtual environment and how to protect yourself from this threat.

Suppose, there is a document, link or application made by an attacker to gain access to your device and data. Being a reasonable person, you run it in your virtual environment with the hope it will shield you from potential threats. Only this time you are unaware that you are up against not just your regular script kiddie with a common Trojan, but a professional hacker anxious to obtain access to your system.

But to perform an attack, he will have to break out of the virtual environment. Now let’s see how it can be done.

Escape from a virtual environment using standard VirtualBox tools

You are probably familiar with the tools that allow the interaction between the host and guest machines such as shared clipboard, shared folder and Drag'n'Drop. Copying a file in the host machine and then inserting it in the virtual machine or simply dragging this file onto another machine is extremely convenient.

Creating a bridge between the guest machine and host machine is not the most prudent steps security-wise. You’ve probably guessed that a hacker can take advantage of these tools to penetrate your primary machine. We recommend you stop using these tools in favor of more secure data transmission methods. We will look at these methods in the chapter about sandboxes.

Escaping from a virtual machine is not the easiest thing to pull off, for instance, when the shared clipboard is enabled, however, it’s made a lot easier when you use it.

Tip

Stop using a shared folder, shared clipboard and Drag'n'Drop. However convenient they are, it is unsafe to use them.

Escape through Wi-Fi routers and external media devices

You can find a lot of material on the Internet revealing how to set up a virtual machine, install Kali Linux on it or specialized software and attack Wi-Fi devices nearby. Will a hacker resist the temptation of breaking through your virtual machine and compromising the Wi-Fi routers near you? This may be your home Wi-Fi or the one you use at work.

Unfortunately, routers, as a rule, prove vulnerable for attacks, and a malicious intruder will be enabled to perform a damaging attack on the devices that connect to your router provided he gains access to this router. In a separate chapter, you will learn about the consequences of a compromised Wi-Fi router. Take my word for it, this kind of attacks can be very dangerous.

The only sensible piece of advice I can give you here is the following: make sure your Wi-Fi router is secured enough, and you will learn how to achieve this within this course. For an extra layer of defense, we recommend you use a VPN, it won’t be able to protect you from getting your Wi-Fi compromised, but it will help you prevent an attack where, for instance, an attacker can attempt to intercept Internet traffic or spoof DNS.

Tip

Make sure your Wi-Fi router is secured from attacks.

One can escape from virtualization using a USB flash drive if at the moment of attack it is connected to a virtual machine, and then a user proceeds to connect it to the host system. However, this is predicated on the concurrence of many factors. In some cases an attacker can perform an attack through Bluetooth on the devices found nearby, but this is a sophisticated method that too requires a lot of conditions to coincide.

Vulnerabilities

Unfortunately, every year security experts uncover new vulnerabilities in virtualization solutions that allow perpetrators to escape from a virtual machine and attack a host system. There is a very high probability that such tools are used by intelligence agencies and hacker groups recruited by them; this kind of software is demonstrated at hacker conferences every year.

For instance, in 2017 Chinese security teams 360 Security и Tencent Security achieved an escape from a virtual machine running on VMware Workstation. In both of the cases the escapes required several vulnerabilities to be exploited in unison. In both of the cases the