AWS buckets in the news again, but this time for a good cause! Or reason, what have you. A new search tool that goes by the name of BuckHacker lets users trawl through unsecure AWS S3 storage buckets.
This new service designed by white hat hackers has now launched, allowing anyone to search for unsecured data stored on Amazon Web Services servers.
It is a plugin that creates a search engine similar to Google, in order to find storage repositories that are misconfigured, potentially hosting sensitive data that is left exposed to the Internet. Typically, these discovers are made by research groups that stumble upon publicly accessible servers.
However, as revealed, BuckHacker claims to make the process far easier, allowing users to search AWS listings by using bucket name or filenames that could be associated with a company.
“The purpose of the project is to increase the awareness on bucket security, too many companies were hit for having wrong permissions on buckets in the last years. The project is still in a really super alpha stage (there are several bugs at the moment that we try to fix).”
While the tool is basic in its design, it does what it says on the tin, collecting results and storing them in a database for other users to view.
Its release comes hot on the heels of the leak of 119,000 files belonging to customers of FedEx, the courier firm. The latest in the line of high-profile AWS S3 leaks, this one contained home and email addresses of these users as well as driver license and passport details.
Aware of the issue, Amazon, already introduced default encryption for all new AWS servers, which could, in theory, prevent leaks like this happening in the future.
However, since the encryption needs to be manually applied to existing buckets, data stored on servers that a company is unware of will still be vulnerable.
But hey, every small bit helps.
At least, when it comes to security.