Researchers at the Ruhr University in Bochum in western Germany managed to hack into private Clouds, using a weakness in the Eucalyptus software platform, which is widely used in Cloud services. The researchers circumvented the dedicated Cloud interface provided by Eucalyptus and could operate all functions of the Cloud.
Private Clouds have been gaining in importance amid customer worries that data provided to big providers of Cloud services could find their way into other hands. For that reason, providers have been offering major customers the opportunity to run their own servers in private Clouds.
Worldwide, more than 25,000 private Clouds have been established using Eucalyptus software, Ruhr University said in a press release.
The researchers used so-called "signature wrapping" to circumvent the Cloud interface. This kind of hack uses the official signature embedded in each message to officially register as a user of the Cloud. With a false identity, the hacker was then able to give any of a range of commands to the Cloud.
Studies project that, in Germany alone, Cloud services will triple in the next 15years. "That's why it is urgently necessary to recognize the security gaps in Cloud computing and to prevent them," said Joerg Schwenk, a data security specialist at Ruhr University.