Hey guys,
since Leroy wrote a great article about Hostile Domain Takeover, I thought about writing one about S3 bucket takeover, which is also a common attack scenario.

Introduction

S3 bucket takeover describes the issue of claiming an S3 bucket name that was previously owned by someone else.

This issue may lead to several attacks, such as identity theft, credential theft or website defacement. Usually, this issue is difficult to detect.

Real-World Scenario

Luckily, I found such an orphaned bucket that had been used by Amazon AWS China. They used this bucket to provide some example AWS CloudFormation files. However, they deleted the bucket on their side, and I was able to register the bucket.

What could have happened?

An attacker would have been able to spread malicious CloudFormation files to AWS customers, which may lead to account takeover or large-scale cryptocurrency mining.

Positive Outcome

AWS takes its security very seriously and provides a dedicated Vulnerability Reporting site. As described on their website, I sent an email to the AWS security team with a short report about their orphaned S3 bucket. After approximately three days we managed to transfer the bucket name to their account.

Conclusion

Well, it's quite hard to say how to protect against such attacks. Anyway, you should keep track of your S3 buckets. Orphaned buckets may lead to severe security issues.
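One defensive check in that spirit, added here as an example and not part of the original post: a small Python script that pulls every bucket name referenced in a template, document or DNS export and classifies an unauthenticated HEAD on the bucket endpoint, so a 404 (no account owns the name any more) shows up in your own audit before someone else notices it. The bucket names, URLs and sample template are constructed for the example.

```python
import re
import urllib.error
import urllib.request

# Bucket name, then the usual reference shapes: s3:// URIs, virtual-hosted-style and
# path-style HTTPS URLs (the China endpoints end in .amazonaws.com.cn).
_NAME = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
_HOST = r"s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com(?:\.cn)?"
BUCKET_REF_PATTERNS = [re.compile(p) for p in (
    r"s3://" + _NAME, r"https?://" + _NAME + r"\." + _HOST, r"https?://" + _HOST + r"/" + _NAME)]

def extract_bucket_names(text: str) -> list:
    """Distinct bucket names referenced in a template, document or DNS export."""
    found = []
    for pattern in BUCKET_REF_PATTERNS:
        for name in pattern.findall(text):
            if name not in found:
                found.append(name)
    return found

def classify_bucket_status(http_status: int) -> str:
    """Interpret an unauthenticated HEAD on https://<name>.s3.amazonaws.com/:
    404 (NoSuchBucket) means no account owns the name, so the reference is dangling;
    200/403 or a redirect means some account owns it, so confirm that account is yours."""
    if http_status == 404:
        return "unregistered"
    if http_status in (200, 301, 307, 403):
        return "owned"
    return "unknown"

def probe_bucket(name: str, timeout: float = 10.0) -> str:
    """Live check (the offline test substitutes a fake): HEAD the bucket's endpoint."""
    req = urllib.request.Request(f"https://{name}.s3.amazonaws.com/", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_bucket_status(resp.status)
    except urllib.error.HTTPError as err:
        return classify_bucket_status(err.code)

def audit_references(text: str, probe=probe_bucket) -> dict:
    """Status per referenced bucket; 'unregistered' entries need fixing or re-claiming."""
    return {name: probe(name) for name in extract_bucket_names(text)}

# Constructed sample (hypothetical bucket names): a template referencing two buckets.
SAMPLE_TEMPLATE = """Resources:
  Network:
    Properties:
      TemplateURL: https://s3.cn-north-1.amazonaws.com.cn/example-templates-cn/vpc.yaml
      # copy kept at https://my-assets.s3.amazonaws.com/stacks/vpc.yaml
"""
```

Run `audit_references(SAMPLE_TEMPLATE)` against the real endpoints to get a live status per bucket; anything reported as "unregistered" is a reference you should remove or a name you should re-create in your own account.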

At my company, we simply try to hide S3 buckets and never use them for public access.

If you have any ideas on how to protect your buckets please leave a comment to tell the world. 🙂

Stay safe guys!


Marvyn Zalewski

Marvyn is a nerdy guy who is into Linux and everything connected to it. He also loves to automate his home and build up a home lab, which includes e.g. a custom Steam machine and backup automation. He loves EDM music and is trying to become a gin enthusiast.
