whoAMI Attack
Cybersecurity researchers have uncovered a novel name confusion attack dubbed 'whoAMI. ' This attack enables threat actors to execute code within Amazon Web Services (AWS) accounts by publishing an Amazon Machine Image (AMI) with a specific name. This vulnerability has significant implications, as it could allow unauthorized access to thousands of AWS accounts.
Table of Contents
Exploiting Misconfigured AMI Searches
The core of this attack lies in a supply chain manipulation tactic. It involves deploying a threatening AMI and deceiving misconfigured software into using it instead of the legitimate version. This vulnerability is present in both private and open-source code repositories, making it a widespread concern.
How the Attack Works
AWS allows anyone to publish AMIs, which are virtual machine images used to launch Elastic Compute Cloud (EC2) instances. The attack takes advantage of the fact that developers may neglect to specify the --owners attribute when searching for an AMI using the ec2:DescribeImages API.
For this attack to succeed, the following conditions must be met:
- The AMI search relies on a name filter.
- The search does not specify the owner, owner-alias, or owner-ID parameters.
- The request fetches the most recently created image (most_recent=true).
When these conditions align, an attacker can create a fraudulent AMI with a name matching the target's search pattern. As a result, an EC2 instance is launched using the attacker's compromised AMI, granting remote code execution (RCE) capabilities and enabling post-exploitation activities.
Similarities to Dependency Confusion Attacks
This attack bears similarities to dependency confusion exploits, where unsafe software dependencies (such as a pip package) replace legitimate ones. However, in the whoAMI attack, the compromised resource is a virtual machine image instead of a software dependency.
Amazon’s Response and Security Measures
Following the disclosure of this attack on September 16, 2024, Amazon responded promptly and addressed the issue within three days. Apple has also acknowledged that customers who retrieve AMI IDs through the ec2:DescribeImages API without specifying an owner value are at risk.
To mitigate this threat, AWS introduced a new security feature called Allowed AMIs in December 2024. This account-wide setting allows users to restrict the discovery and use of AMIs within their AWS accounts, significantly reducing the attack surface. Security professionals recommend that AWS customers evaluate and implement this new control to safeguard their cloud environments from name confusion attacks.