AWS Whoopsie: The Sneaky “whoAMI” Attack Exposing Cloud Vulnerabilities!
Beware the whoAMI attack! Researchers reveal a name confusion trick allowing sneaky hackers to execute code in AWS accounts by publishing an Amazon Machine Image with a cheeky name. Don’t let them AMI-ss you; use the owners attribute when searching, or it might be a case of AM-I hacked? Stay alert, AWS users!

Hot Take:
Who knew a simple game of “whoAMI” could turn into a cybersecurity hide-and-seek nightmare? Forget playing peek-a-boo with your dog, because cybercriminals are now playing “whoAMI” with your AWS accounts. It’s like they found a way to turn Amazon’s cloud into a mischievous game of tag, except you’re “it” and didn’t even know you were playing. Yikes!
Key Points:
- The whoAMI attack allows arbitrary code execution in AWS accounts via AMI name confusion.
- Potentially affects thousands of AWS accounts, with an estimated 1% vulnerability rate.
- The attack exploits users’ failure to specify the owner, allowing malicious AMIs to appear in searches.
- Datadog Security Labs published a proof-of-concept video demonstrating the attack.
- Amazon has introduced controls to mitigate the threat, including Allowed AMIs and warnings in terraform-aws-provider 5.77.
Already a member? Log in here