Is Serverless Safe?
~ Hacking AWS Lambda ~
Yutaka Hiroyama
Japan AWS Top Engineer since 2019
Slide 2
Who am I
• Yutaka Hiroyama
• iret, Inc.
  CISO
  Director of the Internal Control Promotion Office and
  Deputy Division Director of the Cloud Integration Division
• AWS Well-Architected Lead
  AWS Top Engineer, 2019 to present
• Holder of many certifications in cloud computing (AWS etc.), security, development and other areas.
Slide 3
Who we are
AWS: partner since 2010, Premium Consulting Partner
• Development
• Construction
• MSP
• Resale
• Design
• App Development
• Infrastructure
Slide 4
Intro
Slide 5
Can you steal other users' data through this AWS Lambda function?

```python
import json
import yaml


def store_data(data):
    # Placeholder for the function's own persistence step (not shown on the slide).
    pass


def handler(event, context):
    # Untrusted input is parsed with yaml.load() and no Loader argument.
    data = yaml.load(event['Data'])
    store_data(data)
    return {
        'statusCode': 200,  # value not recoverable from the slide; 200 assumed
        'body': "OK"
    }
```
Slide 6
Caution!!
https://unit42.paloaltonetworks.com/gaining-persistency-vulnerable-lambdas/
The attack technique I present here is based on this article.
Do not try this attack against environments you do not own!!
Slide 7
Hacking
Slide 8
Architecture of AWS Lambda
The key points for this session are:
● A container (execution environment) is created when a cold start happens.
● The bootstrap (runtime) and the user-written code (handler) live in the same container.
● The runtime loops forever: it fetches the next invocation, calls the handler, and returns the response.
Source)
https://aws.amazon.com/jp/blogs/compute/the-serverless-lamp-stack-part-3-replacing-the-web-server/
https://medium.com/build-succeeded/deconstructing-aws-lambda-functions-d1597dd054cd
Slide 9
Overview of the technique
The attack replaces the bootstrap from inside the handler.
It exploits an OS command injection vulnerability (reached through the handler's unsafe YAML parsing, see slide 22).
The evil bootstrap sends every received event to an attacker-specified IP address just before it calls the handler.
Slide 10
Procedure of replacing the bootstrap
The attacker gains persistence as follows.
1. The attacker tampers with a copy of the bootstrap so that it steals request data.
2. The attacker creates a YAML file that contains the tampered bootstrap and a script that replaces the running bootstrap process.
3. The attacker sends the YAML file to the function.
4. The handler loads the YAML file.
5. While loading, the handler replaces the healthy bootstrap process with the evil one.
From then on, the evil bootstrap sends every received event to the attacker-specified IP address just before it calls the handler, and the function otherwise keeps working.
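To make the runtime loop of slide 8 and the tamper point of slides 9, 10 and 14 concrete, here is an added Python model. It is not code from the slides, from AWS, or from the Unit 42 article. The Lambda Runtime API (GET .../invocation/next, POST .../invocation/<id>/response) is replaced by a constructed in-memory queue, the attacker's endpoint is a plain list instead of an HTTP POST to a real IP, and the handler is a stand-in; the names FakeRuntimeApi, run_bootstrap and simulate are this example's own.

```python
"""Model of the Lambda bootstrap loop and of the extra step a tampered bootstrap adds.

Added example; the Runtime API and the attacker endpoint are constructed stand-ins
so that everything runs offline.
"""
import json
from collections import deque


class FakeRuntimeApi:
    """Constructed stand-in for the Runtime API: queued events in, responses out."""

    def __init__(self, events):
        self._pending = deque(enumerate(events, start=1))
        self.responses = {}  # request id -> JSON body posted back by the bootstrap

    def next_invocation(self):
        # A real runtime blocks here until the next event arrives; the fake just ends.
        if not self._pending:
            return None
        seq, event = self._pending.popleft()
        return "req-%d" % seq, event

    def post_response(self, request_id, body):
        self.responses[request_id] = body


def run_bootstrap(api, handler, before_call=None):
    """The bootstrap's loop: fetch an event, call the handler, post the result, repeat.

    The loop lives in the same process for the whole lifetime of the container,
    which is why a replaced bootstrap keeps working until the next cold start.
    `before_call` is the hook the evil bootstrap adds: a step that runs on every
    event before the handler sees it (the slides' bootstrap POSTs the data there).
    """
    invocations = 0
    while True:
        inv = api.next_invocation()
        if inv is None:
            break
        request_id, event = inv
        if before_call is not None:
            before_call(request_id, event)
        result = handler(event, {"aws_request_id": request_id})
        api.post_response(request_id, json.dumps(result))
        invocations += 1
    return invocations


def handler(event, context):
    """Stand-in for the user's handler; it answers identically under either bootstrap."""
    payload = event.get("Data", "")
    return {"statusCode": 200, "body": "stored %d bytes" % len(payload)}


def simulate(events, tampered):
    """Run the same events through a healthy or a tampered bootstrap.

    Returns (responses, leaked_events, invocation_count); `leaked_events` is the
    list standing in for the attacker's collection endpoint.
    """
    leaked = []
    hook = None
    if tampered:
        def hook(request_id, event):
            # The evil bootstrap's extra step: copy the raw event out before the
            # handler runs. Nothing on the response path changes.
            leaked.append(dict(event))
    api = FakeRuntimeApi(events)
    count = run_bootstrap(api, handler, before_call=hook)
    return api.responses, leaked, count


if __name__ == "__main__":
    # Constructed sample events: two invocations carrying YAML in event["Data"].
    sample = [{"Data": "user: alice\n"}, {"Data": "user: bob\n"}]
    healthy, _, _ = simulate(sample, tampered=False)
    evil, leaked, _ = simulate(sample, tampered=True)
    print("responses identical:", healthy == evil)  # the caller sees no difference
    print("events leaked by the tampered bootstrap:", leaked)
```

The model shows why slide 13 holds: the responses of the healthy and the tampered loop are byte-for-byte the same, so nothing in the function's output gives the replacement away. The only observable difference is traffic leaving the execution environment before each handler call, which is why the shield-right controls later in the deck (VPC Flow Logs, GuardDuty, egress restrictions) are where detection has to live, and why the hook disappears only when the container is recycled on a cold start.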
Slide 11
Attack diagram - prepare (figure)
Slide 12
Attack diagram - steal data (figure; the bootstrap is replaced)
Slide 13
Key points
The evil bootstrap was built from the official one.
The Lambda function behaves normally.
So users and operators hardly ever notice that the bootstrap has been replaced.
Slide 14
Extract of the evil bootstrap
This bootstrap sends the attached data to the attacker with an HTTP POST.
Slide 15
Sample code of the bootstrap-process replacement script
Slide 16
Sample script for creating the evil YAML file
This script builds a camouflaged YAML file that contains the evil bootstrap and the bootstrap-process changer.
Slide 17
Capture of the stolen data
The contents can be read after Base64 decoding.
Slide 18
Who has responsibility?
Slide 19
Shared responsibility model on AWS Lambda
IaaS and serverless
Source)
https://docs.aws.amazon.com/whitepapers/latest/security-overview-aws-lambda/the-shared-responsibility-
Slide 20
Shared responsibility model on AWS Lambda
IaaS and serverless
Slide 21
Analysis
Slide 22
About the vulnerability
CVE-2017-18342: in PyYAML before 5.1, yaml.load() called on untrusted input can execute arbitrary code. The !!python/object/apply tag and its relatives let the document call any Python callable (os.system, os.execv, ...), which is how the OS command injection used here is reached.
The CVSS 3.x base score is 9.8 (Critical). It is very dangerous.
Note that the default loader introduced in 5.1 (FullLoader) was itself bypassed later (CVE-2020-1747, CVE-2020-14343; fixed in PyYAML 5.4), so the durable fix is to parse untrusted input with yaml.safe_load(), not merely to upgrade.
Source)
https://nvd.nist.gov/vuln/detail/CVE-2017-18342
Protection types
Shift Left (scanning, network separation, encryption)
Shield Right (WAF, IDS/IPS, CWPP, VPC Flow Logs, GuardDuty)
Source)
https://sysdig.com/blog/cnapp-runtime-insights-shift-left-shield-right/
Slide 26
Example of Amazon CodeGuru detection
Detected !!
Slide 27
Example of AWS WAF protection
Note the string "os.execv".
This is the AWS WAF log entry recorded when the attack request was received.
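The WAF rule on this slide matched on the literal string "os.execv". As an added example, not the slides' own code and not an AWS WAF rule, here is the inspection logic such a rule, or a pre-parse gate in the handler of slide 5, would need, applied to constructed sample bodies. It covers both slide 22 and slide 27: the tag spellings that reach PyYAML's python constructors (the root of CVE-2017-18342) and the callable names seen in such payloads. The names scan_yaml_body, allow_request, triage and SAMPLES are this example's own.

```python
import re

# Spellings under which a YAML document can name PyYAML's python-specific
# constructors. The "!!python/..." shorthand is what payloads usually use, but
# the verbatim form "!<tag:yaml.org,2002:python/...>" and a "%TAG" directive that
# binds a handle to the python namespace are equally valid YAML for the same tag,
# so a rule that only looks for "!!python" can be bypassed.
PYTHON_TAG_SHORT = re.compile(r"!!python/\S*")
PYTHON_TAG_VERBATIM = re.compile(r"!<tag:yaml\.org,2002:python/[^>]*>")
PYTHON_TAG_DIRECTIVE = re.compile(r"^%TAG\s+(!\S*!)\s+tag:yaml\.org,2002:python/", re.M)

# Callable names that appear in code-execution payloads. "os.execv" is the token
# the WAF log on slide 27 matched on; the others are just as useful to an attacker.
DANGEROUS_CALLABLES = (
    "os.system", "os.popen", "os.execv", "os.execve", "os.execvp",
    "subprocess.", "builtins.eval", "builtins.exec", "builtins.__import__",
)


def scan_yaml_body(body):
    """Return human-readable findings for one untrusted YAML body (empty list = clean)."""
    findings = []
    for m in PYTHON_TAG_SHORT.finditer(body):
        findings.append("python tag: " + m.group(0))
    for m in PYTHON_TAG_VERBATIM.finditer(body):
        findings.append("python tag (verbatim form): " + m.group(0))
    for m in PYTHON_TAG_DIRECTIVE.finditer(body):
        handle = m.group(1)
        findings.append("python namespace bound to handle " + handle)
        for use in re.finditer(re.escape(handle) + r"\S+", body):
            findings.append("python tag via handle: " + use.group(0))
    for name in DANGEROUS_CALLABLES:
        if name in body:
            findings.append("dangerous callable: " + name)
    return findings


def allow_request(event):
    """Gate for the handler on slide 5, where event['Data'] is the untrusted YAML.

    Returns (allowed, findings). Run it before yaml.load(); a WAF rule applies the
    same logic to the HTTP body before the function is ever invoked.
    """
    data = event.get("Data", "")
    if not isinstance(data, str):
        return False, ["Data is not a string"]
    findings = scan_yaml_body(data)
    return not findings, findings


# Constructed sample bodies (not captured traffic). The three hostile ones spell
# the same kind of tag three different ways.
SAMPLES = {
    "benign": "user: alice\nitems:\n  - 1\n  - 2\n",
    "shorthand": "!!python/object/apply:os.execv ['/tmp/evil', ['evil']]\n",
    "verbatim": "!<tag:yaml.org,2002:python/object/apply:os.system> ['id']\n",
    "directive": "%TAG !py! tag:yaml.org,2002:python/\n--- !py!object/apply:subprocess.check_output [['id']]\n",
}


def triage(samples=SAMPLES):
    """Apply the gate to every sample; returns {name: (allowed, findings)}."""
    return {name: allow_request({"Data": body}) for name, body in samples.items()}


if __name__ == "__main__":
    for name, (allowed, findings) in triage().items():
        print(name, "ALLOW" if allowed else "BLOCK", findings)
```

Treat the callable names as enrichment, not as the blocking condition: an attacker can reach os.execv without ever writing "os.execv" (for example through builtins.getattr applied to a !!python/name:os object), whereas any code-execution payload for this bug must carry a python/ tag in one of the spellings above. Either way this is shield-right defence in depth; the shift-left fix in the handler is yaml.safe_load(event['Data']), which refuses every python/ tag regardless of spelling, on PyYAML 5.4 or later.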
Slide 28
Important
Both shift left and shield right are necessary!
You should prevent, not only protect.
Slide 29
Wrap-up
Slide 30
Is AWS Lambda dangerous?
No! But it is not safe without countermeasures.
OS command injection works just as well on IaaS or on-premises environments.
If anything, it is easier to pull off there, because the attacker does not need to understand a bootstrap process.
Moreover, AWS Lambda automatically rebuilds the execution environment on a cold start, which evicts a replaced bootstrap.
Slide 31
You should
● Apply vulnerability countermeasures on FaaS such as AWS Lambda.
● (Even though an established attack may be killed automatically when the environment is recycled.)
● Understand how the service you use works, in order to protect your system.
● Prevention (shift left) and protection / detection (shield right) are both important. You need both of them.