S3 - Security
Following are some interesting security scenarios:
Scenario I - My S3 is open
Many times S3 buckets are open to the world and allow unauthorized read and write access. This was the major reason for the CapitalOne breach.
In order to list objects in an S3 bucket named "test-bucket", simply visit https://test-bucket.s3.amazonaws.com or perform the following API call.
Scenario II - S3 Ransomware
We share research done by the RhinoSecurity team, which is the cloud's equivalent of ransomware for S3. An S3 bucket with write access can be encrypted with a KMS key that belongs to the attacker's account. In this case, the owner of the bucket will not be able to decrypt the content, since the encryption key does not belong to their account. Once the bucket has been encrypted, the attacker can leave ransom.txt as a ransom note and ransom the bucket.
More details about this interesting research can be found here
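The defensive signal for this scenario is that SSE-KMS objects stop pointing at a key in the bucket owner's own account. The following added example (not code from the original page or from RhinoSecurity) audits object metadata of the shape returned by HeadObject, extracts the account id from each `SSEKMSKeyId` ARN and flags objects whose key lives in a foreign account, plus any object named `ransom.txt`. The owner account id, object keys and key ARNs are constructed sample values.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical bucket-owner account id for this constructed sample.
OWNER_ACCOUNT_ID = "111111111111"

# Constructed sample: the SSE fields a HeadObject response carries per object.
# Key ids and account ids are made up for illustration.
SAMPLE_OBJECTS = [
    {"Key": "reports/q1.csv", "ServerSideEncryption": "aws:kms",
     "SSEKMSKeyId": "arn:aws:kms:us-east-1:111111111111:key/11111111-aaaa-bbbb-cccc-222222222222"},
    {"Key": "reports/q2.csv", "ServerSideEncryption": "aws:kms",
     "SSEKMSKeyId": "arn:aws:kms:us-east-1:999999999999:key/33333333-dddd-eeee-ffff-444444444444"},
    {"Key": "ransom.txt", "ServerSideEncryption": "AES256"},
    {"Key": "notes/readme.md"},
]

# KMS key ARN: arn:aws:kms:<region>:<12-digit account>:key/<id> or alias/<name>
KMS_ARN = re.compile(r"^arn:aws:kms:[a-z0-9-]+:(\d{12}):(key|alias)/")


def kms_key_account(key_id: Optional[str]) -> Optional[str]:
    """Return the 12-digit account id embedded in a KMS key ARN, or None if it is not an ARN."""
    m = KMS_ARN.match(key_id or "")
    return m.group(1) if m else None


@dataclass
class Finding:
    key: str
    reason: str
    kms_account: Optional[str] = None


def audit_objects(objects, owner_account_id: str = OWNER_ACCOUNT_ID) -> List[Finding]:
    """Flag objects encrypted under a KMS key outside the owner account, and ransom notes."""
    findings = []
    for obj in objects:
        key = obj["Key"]
        if key.rsplit("/", 1)[-1].lower() == "ransom.txt":
            findings.append(Finding(key, "ransom note object present"))
            continue
        if obj.get("ServerSideEncryption") != "aws:kms":
            continue  # SSE-S3 / unencrypted objects are not the ransomware pattern
        acct = kms_key_account(obj.get("SSEKMSKeyId"))
        if acct is None:
            findings.append(Finding(key, "KMS key id is not an ARN; cannot attribute owner"))
        elif acct != owner_account_id:
            findings.append(Finding(key, "encrypted with a KMS key from a foreign account", acct))
    return findings


if __name__ == "__main__":
    for f in audit_objects(SAMPLE_OBJECTS):
        print(f"{f.key}: {f.reason} (key account {f.kms_account})")
```

In a real audit the metadata would come from ListObjectsV2 plus HeadObject, and a foreign-account finding is worth alerting on immediately because the owner cannot recover the data once the attacker revokes access to that key.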
Scenario III - Bucket Policy wide open
Many times users make sure not to make the bucket public, but a misconfigured bucket policy makes the bucket public indirectly.
For example, consider the below bucket policy:
This policy is a vulnerable S3 policy which indicates that anyone on the internet can download objects from my bucket securitylabs-articles.
Here the vulnerable part is the Principal field, which is *, indicating that anyone on the internet can download objects. Assuming there is an object called note.txt, then to download the object one has to just make the below curl request.
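To catch this class of misconfiguration before it ships, the bucket policy can be checked for Allow statements whose Principal is anonymous. The following added example (not code from the original page) reconstructs a public-read policy of the kind described above for the securitylabs-articles bucket, places a hardened version beside it that grants the same action to one hypothetical IAM role, and reports every anonymous grant with the actions it exposes. The hardened role ARN and account id are constructed values.

```python
import json

# Constructed reproduction of the vulnerable pattern: Principal "*" on s3:GetObject.
VULNERABLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::securitylabs-articles/*"
    }]
})

# Same grant restricted to a single principal (hypothetical account and role).
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReaderRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:role/articles-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::securitylabs-articles/*"
    }]
})


def _as_list(v):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return v if isinstance(v, list) else [v]


def principal_is_anonymous(principal) -> bool:
    """True for both spellings that grant to everyone: "*" and {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def find_public_statements(policy_json: str):
    """Return the Allow statements that grant to an anonymous principal."""
    policy = json.loads(policy_json)
    public = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_anonymous(stmt.get("Principal")):
            continue
        # A Condition (e.g. on aws:SourceVpce) can narrow an anonymous grant;
        # record whether one exists so a reviewer can judge the real exposure.
        public.append({
            "sid": stmt.get("Sid"),
            "actions": _as_list(stmt.get("Action", [])),
            "resources": _as_list(stmt.get("Resource", [])),
            "conditioned": "Condition" in stmt,
        })
    return public


if __name__ == "__main__":
    for name, doc in (("vulnerable", VULNERABLE_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, find_public_statements(doc))
```

The same check also reports an anonymous `s3:ListBucket` grant on the bucket ARN, which is what makes the unauthenticated listing in Scenario I work through the bucket policy path; enabling S3 Block Public Access on the account removes both the ACL and the policy route at once.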