Researchers recently identified a security issue in Amazon's Elastic Computer Cloud (EC2) that allows a hacker to to locate and eavesdrop on targeted virtual machines anywhere in the cloud.
The report–with the catchy title "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Computer Clouds". According to a Computerworld article:
The attack described in the report was conducted against Amazon's Elastic Computer Cloud (EC2) service. But the vulnerabilities that enable it are generic and would likely affect other cloud providers, said Eran Tromer, a post-doctoral researcher at MIT's Computer Science and Artificial Intelligence Laboratory and one of the authors of the report. The report is scheduled to be presented at the Association for Computing Machinery (ACM) Conference on Computer and Communications Security next month.
The research raises questions about a fundamental assumption about cloud computing which says that data hosted in a cloud is relatively safe from targeted attacks because it's hard to know where in the cloud the data is located. The research also comes at a time when concerns are high about security and privacy issues related to cloud computing.
Amazon called the threat "hypothetical" and it would be difficult to initiate in practice. Perhaps we'll get a better idea of the true nature of the threat to cloud computing after the paper is presented at the ACM conference.