ECS-cape – Hijacking IAM Privileges in Amazon ECS
Naor Haziz
fwd:cloudsec North America 2025 · Day 1 · Track 2 - Crestone
Naor Haziz, a software developer and security researcher at Sweet Security, presented a vulnerability he discovered in **Amazon ECS** (Elastic Container Service) that allows any container running on an ECS-managed EC2 instance to hijack the IAM role credentials of every other container on the same host. Dubbed **ECScape** (a play on ECS + escape), the attack abuses the internal **Agent Communication Service (ACS)** protocol to impersonate the ECS agent and receive all task role credentials over a WebSocket connection. The vulnerability requires no misconfiguration: **IMDS** is enabled by default for ECS tasks, and the ECS instance role has the necessary permissions out of the box. AWS acknowledged the issue, updated its documentation, and stated that hundreds of millions of containers are potentially affected, but classified it as not presenting a security concern for AWS and declined to change the default behavior.
AI review
This is the real deal. Haziz reverse-engineered an undocumented internal AWS protocol, built a complete exploitation chain from zero permissions to full admin credential theft, delivered a live demo that nuked an S3 bucket, and released a working tool in Rust. The attack requires zero misconfigurations and affects hundreds of millions of containers by AWS's own admission. This is exactly the kind of research that makes me glad I showed up.