Docker Hub: Sensitive information is leaked, even private keys

It’s not a good time for Docker, the well-known open source platform that developers use to build and manage containers (with the aim of simplifying that work). According to a study carried out by researchers at RWTH Aachen University in Germany, tens of thousands of container images on Docker Hub contain confidential information and would be exposed to serious attacks, putting software, online platforms and, of course, users in danger.

Docker Hub under attack: what was discovered

Docker Hub is a cloud-based repository (a digital vault) that the Docker community can use to store, share, and distribute Docker images (“The world’s largest library and community for container images”). These images include all the software code, runtime, libraries, environment variables, and the configuration files needed to deploy an application to Docker.

The researchers sifted through more than 337,000 images on Docker Hub and hundreds of private registries. They found that around 8.5% of them contain sensitive data such as private keys and API secrets. The shared document (available here) reveals that many of the exposed keys are used on a regular basis, thereby threatening everything that depends on them, such as certificates.

Through data analysis, the researchers revealed that as many as 52,107 valid private keys and 3,158 API secrets were exposed in over 28,000 Docker images.

The researchers from the University of Aachen subsequently dug deeper to understand the true extent of the problem. Alarmingly, they found over 22,000 compromised certificates based on the exposed private keys. Furthermore, using the Censys database, they discovered that as many as 275,269 hosts (MQTT, FTP, SIP, SMTP, IMAP and more) rely on compromised keys.

What does this mean? That there is a real problem with container security and that users create images without worrying about “cleaning” them, i.e. without deleting sensitive data. As for API secrets, the study revealed that the majority of containers (2,920) are owned by cloud service providers such as Amazon AWS, while others belong to financial services such as Stripe.
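A pre-publication check for the problem described above, as an added example (not code from the study or from Docker): it scans every layer of a `docker save`-style archive for private-key headers and AWS access key IDs, because a file removed in a later layer is still shipped in the earlier one. The function names, the two patterns and the in-memory sample image are constructed for illustration.

```python
import io
import re
import tarfile

PATTERNS = {  # the two secret classes the study counted
    "private-key": re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
}

def make_tar(files):  # sample builder only: {name: bytes} -> tar bytes
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def scan_layer(layer_name, layer_bytes):
    """Return (layer, path, kind) for each secret pattern found in one layer."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
        for member in layer:
            if member.isfile():
                data = layer.extractfile(member).read(1 << 20)  # first 1 MiB
                hits += [(layer_name, member.name, k) for k, rx in PATTERNS.items() if rx.search(data)]
    return hits

def scan_image(image_bytes):
    """Scan every layer of a `docker save`-style archive, not only the top one."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        for member in image:
            if member.isfile():
                try:
                    hits += scan_layer(member.name, image.extractfile(member).read())
                except tarfile.ReadError:
                    pass  # manifest or config JSON, not a layer tarball
    return hits

# Constructed sample: layer 1 adds secrets, layer 2 "deletes" the key via a whiteout.
SAMPLE_IMAGE = make_tar({
    "manifest.json": b'[{"Layers": ["l1/layer.tar", "l2/layer.tar"]}]',
    "l1/layer.tar": make_tar({
        "root/.ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n",
        "app/.env": b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",  # AWS docs example ID
    }),
    "l2/layer.tar": make_tar({"root/.ssh/.wh.id_rsa": b""}),
})
```

To check a real image, pass the bytes of the archive written by `docker save -o image.tar <image>` to `scan_image`; the example reads each layer into memory, so very large images need a streaming variant.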
