Misconfigured Amazon S3 Buckets allowing attacks

Misconfigured Amazon Web Services (AWS) S3 buckets allow MITM attacks


Misconfigured Amazon Web Services (AWS) S3 buckets that allow public writes are enabling man-in-the-middle (MITM) attacks on buckets that serve content for leading news media outlets, retailers and well-known cloud services.

The exposure of sensitive data via misconfigured AWS S3 buckets has been a recurring problem over the last few years. In two months this summer alone, researchers discovered thousands of potentially sensitive files belonging to the U.S. National Geospatial-Intelligence Agency (NGA); information on millions of Verizon customers; and a database containing details of 198 million American voters.

Allowing public writes lets a third party launch a MITM attack: the attacker overwrites objects in the bucket, and every client that fetches that content receives the attacker's version instead. In a sample of 1,600 S3 buckets, about 4 percent were exposed to this attack, dubbed GhostWriter, due to configuration errors made by the bucket owners rather than by the storage provider.

“These exposed 3rd party Buckets are wide ranging and have a long tail distribution that includes Buckets owned by leading national news/media sites, large retail stores, popular cloud services, and leading advertisement networks. The breadth of this exposure necessitates both enterprises accessing this content from their networks and owners of this data resident in S3 to take actions to protect themselves from malicious actors,”

The primary takeaway is that S3 bucket security requires both the customer and the storage provider to take proper precautions during configuration; the provider's defaults are not enough if the owner later grants access to the wrong principal.

“We have noticed that Bucket owners have either carelessly allowed public writes or have not fully understood the ramifications of read and write ACL controls, or the semantics of AWS ‘Authenticated Users’ – all of which contribute towards a wide open environment for 3rd parties to exploit the trusted interactions.”

Another point that has to be understood is that any S3 bucket that allows a public write is vulnerable, even if it only stores something as innocuous as images or documents. It endangers not only the enterprise operating the bucket but, through a MITM attack, anyone else who interacts with that organisation and loads content from it.
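The two mechanisms that produce this exposure are the bucket ACL (the “Authenticated Users” confusion quoted above, where that group means every AWS account in the world, not the owner's own users) and the bucket policy (an Allow statement with Principal "*" and a put action). The following Python audit is an added example, not code from the original report or from AWS; it works on the JSON shapes returned by `aws s3api get-bucket-acl` and `aws s3api get-bucket-policy` (the same structures boto3's `get_bucket_acl` / `get_bucket_policy` return). The bucket name, owner ID and both sample documents are constructed for illustration.

```python
"""Audit an S3 bucket ACL and bucket policy for anonymous or any-AWS-account
write access. Added example; sample documents below are constructed, not real."""

# Grantee group URIs AWS uses in ACLs. The semantics that trip owners up:
# 'AuthenticatedUsers' is *anyone with any AWS account*, not your own users.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {
    ALL_USERS: "everyone (AllUsers, no credentials needed)",
    AUTHENTICATED_USERS: "any AWS account (AuthenticatedUsers)",
}

# ACL permissions that let a stranger replace content or rewrite the ACL itself.
ACL_WRITE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
ACL_READ = {"READ", "READ_ACP"}

# Policy actions that grant the same thing. Wildcards such as "s3:Put*" are not
# expanded here; anything with an unrecognised wildcard should be reviewed by hand.
POLICY_WRITE = {"s3:putobject", "s3:putobjectacl", "s3:putbucketacl",
                "s3:putbucketpolicy", "s3:deleteobject", "s3:*", "*"}


def audit_acl(acl):
    """Return (severity, who, permission) for every public grant in an ACL dict."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue                      # canonical users are specific accounts
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        if who is None:
            continue                      # e.g. the LogDelivery group: not public
        perm = grant.get("Permission", "")
        if perm in ACL_WRITE:
            findings.append(("CRITICAL", who, perm))   # GhostWriter-style exposure
        elif perm in ACL_READ:
            findings.append(("WARNING", who, perm))    # public read: data exposure
    return findings


def _as_list(value):
    # Policy documents allow a scalar or a list in most fields.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (Sid, risky_actions, has_condition) for Allow statements whose
    Principal is '*' and whose Action includes a write. A Condition narrows the
    grant, so it is reported with a flag for manual review rather than ignored."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if "*" not in _as_list(principal):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        risky = sorted(actions & POLICY_WRITE)
        if risky:
            findings.append((stmt.get("Sid", "<no Sid>"), risky, "Condition" in stmt))
    return findings


def is_publicly_writable(acl, policy=None):
    """True if either mechanism lets an arbitrary principal write to the bucket."""
    if any(sev == "CRITICAL" for sev, _, _ in audit_acl(acl)):
        return True
    return bool(audit_policy(policy or {}))


# --- constructed sample documents (not from any real bucket) -----------------
OWNER = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

EXPOSED_ACL = {
    "Owner": {"ID": OWNER},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        # The mistake the report describes: the owner read this as "my
        # authenticated users", but it is every AWS account in the world.
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE"},
    ],
}

SAFE_ACL = {"Owner": {"ID": OWNER}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER}, "Permission": "FULL_CONTROL"}]}

EXPOSED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-static-site/*"},
    {"Sid": "Uploads", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:PutObject", "s3:PutObjectAcl"],
     "Resource": "arn:aws:s3:::example-static-site/uploads/*"}]}

if __name__ == "__main__":
    for finding in audit_acl(EXPOSED_ACL):
        print("ACL   ", *finding)
    for finding in audit_policy(EXPOSED_POLICY):
        print("POLICY", *finding)
    print("publicly writable:", is_publicly_writable(EXPOSED_ACL, EXPOSED_POLICY))
```

To run this against a real bucket, feed it the output of `aws s3api get-bucket-acl --bucket NAME` and the `Policy` string (parsed with `json.loads`) from `aws s3api get-bucket-policy --bucket NAME`. The ACL check is the one that catches the GhostWriter case: a CRITICAL finding on the AuthenticatedUsers group means any AWS account holder can overwrite objects, and the fix is to remove that grant and, where the content must be public, keep the grant read-only.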

It has been recommended that those operating S3 buckets audit both their bucket permissions and their content, to ensure an unauthorised party is not overwriting their code or using the bucket for cryptocurrency mining.