Since launching five years ago, Docker has proven to be an invaluable piece of software for developers and sysadmins. Unfortunately, the folks behind the service have been a bit slow to react to one specific security issue, as users found that the Docker Hub service contained 17 images with ‘back door’ access. The issue was flagged up ten months ago, but finally action is being taken.
Back in August 2017, a GitHub user discovered that an account by the name of ‘docker123321’ was posting images with backdoor access, which contained cryptocurrency mining code. Docker images are used to save time, as they contain pre-configured applications that run in a virtual machine. However, as Arstechnica points out, eventually 17 of these images contained backdoor access for cryptocurrency mining, in total, these images were downloaded over five million times.
The images, despite being brought to Docker’s attention, were not taken down for months on end. Eventually, cybersecurity firms began making noise about these security issues, and as a result, Docker has finally taken action, removing the offending images and deleting the account behind them.
However, since the account had months of time to run rogue crypto mining code, It is thought that the creator(s) of the malicious docker hub images could have made as much as $90,000.
KitGuru Says: Docker really should have done something about these images from the start. They will have to be a lot quicker the next time something like this pops up. How do you think Docker handled the situation?