Breaking ML Services: Finding 0-days in Azure Machine Learning


August 25, 2023




Track 2

Cloud service providers offer MachineLearningasaService platforms, enabling companies to leverage the power of scalability & reliability while performing ML operations. With huge adoption of such systems worldwide, the security posture of the platform itself often may go unnoticed as it has been observed in previous research about vulnerabilities in Google’s AI Hub and AWS’s Sagemaker Jupyter Notebook services. 
We investigated Azure ML, a managed MLaaS offering from Microsoft. We found five 0days over three broad classes of security issues namely: 
Insecure logging of sensitive informationWe found five instances of credentials leaking in cleartext on Compute Instances, due to insecure usage of open-source components and insecure system design of how the environment was being provisioned. 
MLSee: A vulnerability allowing sensitive information disclosureWe found a case of exposed APIs in cloud middleware leaking sensitive information from Compute Instances. The vulnerability could be leveraged by network-adjacent attackers after initial access to laterally move or snoop in on the commands executed using Jupyter terminal on a Compute Instance. 
Achieving Persistence – While reversing cloud middleware to decipher their functionality, we found two ways to achieve persistence in AML environments. First, An attacker could fetch the Storage Account access key and the Azure AD JWT of the system-assigned managed identity assigned to the Compute Instance, even from non-Azure environments.
Through this talk, the attendees will learn about the different issues that were found in AML, which may extend to other Cloud-based MLaaS platforms. As we take a deep dive into the security issues, we will be demonstrating various techniques we adopted while researching the service, giving the attendees a glimpse of how the security of managed services like AML can be assessed when there are blurred lines in the shared responsibility model…

Senior Security Threat Researcher

Trend Micro

Nitesh Surana works as a Senior Threat Researcher with Trend Micro. His passion revolves around Cloud Vulnerability & Security Research, Developer Security, Threat Hunting, building honeypots targeting container environments and finding abuse vectors for cloud services. Previously, Nitesh has been credited for reporting security issues to various companies, startups, and governments. His findings have been recognized by the US Department of Defense, the Zero Day Initiative and his research has been mentioned across ZDNet, BleepingComputer, TheHackerNews, Dark Reading, The Register amongst others. In addition to his previous work in a Managed Security Operations Center and Purple Teaming, he has presented on existing and new research in communities and conferences such as Null/OWASP Bangalore, DecodePH, c0c0n, Security BSides, NDC. Apart from playing with packets and syscalls, Nitesh is found attending concerts and playing music.