Researchers at Ruhr-University Bochum found security issues with Amazon Webservices (AWS) which, if exploited, could cripple one’s privacy in the cloud. While the holes were only found in AWS, the researchers believe they may exist in many other cloud services.
The current security systems used to protect data in the cloud often come at the expense of performance, and as the services try to find an acceptable balance, others look for weaknesses. One hole the researchers found was exploited with XML signature wrapping attacks. The result was the researchers took the administrative rights of a cloud customer, enabling them to do things like add and delete images. Another exploited hole was found in the AWS and Amazon shop interface. Using cross-site scripting attacks, the researchers were able to gain complete access to customer data, including authentication data and passwords. This demonstrates the vulnerability of using a common login system, like Amazon.
These holes have already been sealed in every service the researchers notified, but by having existed, they prove the point that cloud data is not yet secured perfectly.