Baldwin Consulting Services, LLC

Continuity Management and Technology Services – News Reblog

Hackers Can Slip Invisible Malware into ‘Bare Metal’ Cloud Computers

On Tuesday, researchers at the security firm Eclypsium published the results of an experiment in which they showed that they could, for a certain class of cloud computing servers, pull off an insidious trick: They can rent a server from a cloud computing provider—they focused on IBM in their testing—and alter its firmware, hiding changes to its code that live on even after they stop renting it and another customer rents the same machine. And while they made only benign changes to the IBM servers’ firmware in their demonstration, they warn that the same technique could be used to plant malware in servers’ hidden code that persists undetected even after someone else takes over the machine, allowing the hacker to spy on the server, alter its data, or destroy it at will.

Link