Amazon’s voice assistant wisecracks its way through SQL injection attacks on serverless environments

Developers in serverless environments must heed the threat posed to their applications by voice command inputs, an industry expert has warned.

Speaking at the Black Hat Europe conference in London last week, researcher Tal Melamed took control of vulnerable applications hosted on serverless environments using Alexa-guided SQL injection attacks.

‘Sounds like a dream’

Serverless architecture, which allows developers to build applications without provisioning a server, is becoming an increasingly popular choice among developers, said Melamed, who is leading the OWASP Serverless Top 10 project.

Code is executed only when needed and “you don’t pay for what you don’t use”, the researcher noted, adding that the approach is a boon for “experimentation and scaling up”.

Serverless application development “sounds like a dream,” he said. But if organizations are liberated from the burdens of server management, it does not follow that security concerns are fully outsourced to service providers like AWS, Azure, and Google Cloud Platform.

This is because serverless applications still execute code, said Melamed – and insecure code is vulnerable to application-level attacks.

Melamed, head of research at Protego Labs, told The Daily Swig that all too many developers are unaware that serverless environments demand a different security posture to their traditional counterparts.


Read more of the latest news on hacking techniques from The Daily Swig

Outsourcing the perimeter

Outsourcing server architecture might reduce workload, but it also tears down the security perimeter.

“Serverless is an event-driven architecture where code is triggered via different events in the cloud,” Melamed told The Daily Swig.

Unlike monolithic applications, developers are not limited to APIs.

“Code can now be executed due to an email that was received, a file that was uploaded or a database table that was changed. The ‘connection’ between those events to your code is transparent and is controlled by the cloud provider.”

All too many developers “are unaware of the adjustments” they need to make “to attend [to] those risks.”

Those adjustments include never trusting inputs, which should be validated before data is processed.

“However, [developers] need to get used to the fact that the input could come from unexpected sources, like Alexa voice commands,” added Melamed.

Alexa, what is my balance?

Melamed’s final demonstration, in which he stole data from a hypothetical user account, illustrated how a voice-command injection attack requires only “code [that’s] vulnerable to SQL injection, which accepts inputs from Alexa (or any other voice-enabled devices) and processes the input as part of the database queries without validating it first.”

Alexa translated his voice commands – such as “what is my balance?” – into code.

“I designed it so it would translate words of numbers into actual numbers,” he told attendees.

The voice-delivered code that cracked the user’s secret ID, unlocking the cash balance, was 123 or true.

The lesson to “organizations that develop voice-enabled applications” is clear, Melamed told The Daily Swig: they “should consider voice-commands as [an] input to their application.”

Melamed also launched event injection attacks through a third-party app using rest API, against cloud storage, and via email.

Melamed said his demos – coming soon to GitHub – evidenced the importance of shrinking “the attack surface by following the least-privilege principle: narrowing down the permissions of every serverless function as much as possible.”

Attendees were also urged to automate their defensive processes wherever possible.

Telling it like it is, Alexa clearly assigned blame for successful injection attacks: “In short, the problem isn’t the cloud – it’s you [the developer]”.


RELATED The best hacks from Black Hat Europe 2019