Copy
Google Compute Engine virtual machines can be hijacked and made to hand over root shell access via a cunning DHCP attack, according to security researcher Imre Rad.
Though the weakness remains unpatched, there are some mitigating factors that diminish the potential risk. Overall, it s a pretty neat hack if a tad impractical: it s an Ocean s Eleven of exploitation that you may find interesting from a network security point of view.
In a write-up on GitHub, Rad explains that attackers can take over GCE VMs because they rely on ISC DHCP software that uses a weak random number generator.
A successful attack involves overloading a victim s VM with DHCP traffic so that it ends up using a rogue attacker-controlled metadata server, which can be on the same network or on the other side of the internet. The DHCP flood would typically come from a neighboring attacker-controlled system hosted within Google Cloud.