Risk and Reward: Docker Security Threats You Need to Know About

Featured article by Lora Young, Independent Technology Author

Docker is here to stay. It’s only natural that the computer science industry leans toward that which is more efficient and more universal. If you were handed keys to a new sports car, you’re apt to leave your old car, 9 times out of 10. But with new things come new risks. In the case of a new high-end speed devil, one risk lies in having to adjust to the new car — how it handles, its mileage, how easy it is to scrape against curbs because of the low ride height. Not only that, but you’re bound to catch attention, and sometimes, it’s the attention of unscrupulous elements.

The same concept applies to Docker. It’s the new hotness on the road and it, too, comes with an array of nifty tricks up its sleeve. But like the car thieves who are constantly on the lookout for unattended high-end cars to steal, you should be wary of these security threats to Docker. And while it’s always best to fully understand these concepts first through a Pro Docker Training program, a bit of extra knowledge should be good.

Kernel Exploits

A kernel is a program that is the core of the operating system. It practically handles everything to do with your computer. In Docker, the kernel is shared among all containers, as well as that of the host. This essentially means that all your tomatoes share the same basket. If one tomato were to rot, the entire batch would follow. A single container that causes the kernel to panic can potentially bring the host down with it as well.

Tampered Container Images

When a container image is tampered with, an attacker can essentially get you to trigger something malicious as soon as you open the image. One recent incident, where 17 container images were said to contain Monero Miners, was found to have netted crypto criminals around $90,000. The images were uploaded onto the Docker Hub and as a whole, these images were downloaded at least 5 million times. These container images have been taken down as of May 10th, 2018.

Ransomware

These types of attacksresult in the inability of a particular system to function properly — if it functions at all. This risk is further amplified by the fact that container images all share the same kernel. In a situation where an attacker is able to gain access to one container, that container can be used to alter resource allocation to such a point that the bad container will be able to drain all other containers of valuable resources, thus rendering part of, or an entire system, unusable.

Data Leaks

Containers are often required to come with a particular API key, and a password (and username, of course) whenever one attempts to gain access to the database or service it is governed by. This presents a security risk where an attacker who is able to gain access to the container is consequently able to gain access to the database or service the container is found within. It’s almost as bad as using the same key for your gate as well as your front door and every other room in your house.

About the Author

Lora Young was born in January 1992. Today, she is a digital marketer who has several years of experience in working with non-profit organizations. She has extensive knowledge in the fields of Education, Computer Science, and Psychology. When she isn’t helping build brands, she practices Muay Thai and run marathons.