System virtualization goes to a great deal to offer this isolation, especially on the hypervisor layer where virtual machines of different actors can potentially run on the same hardware. So a strong isolation of is paramount importance.
How a VM is really isolated? Enough… but there is a gap between the theory and the reallity.
Of course, the virtual networking expose all kind of network attacs from and to the guest, but there are several solutions (like, for example, NSX) to try to minimize this kind of risks. But the network is needed, because a real isolated system is quite useless in a typical client-server approach.
Quite different if a VM can break the host isolation: VMware (and other enterprise hypervisor vendor) have work hard to avoid these types of issues or to try to minimize. Bugs exists, but they have been corrected.
There are potential security risks because some parts are shared across the virtual environment. One good example was the theorically risk related to VMware TPS (see Bye bye Transparent Page Sharing) where some academic papers have demonstrated that by forcing a flush and reload of cache memory, it is possible to measure memory timings to try and determine an AES encryption key in use on another virtual machine running on the same physical processor of the host server if Transparent Page Sharing is enabled between the two virtual machines. This is related to privacy aspect, but does not exist a real exploit that can used it, and TPS is now turned off by default.
And there are also some bugs at hardware level (see Meltdown and Spectre: critical vulnerabilities in several processors).
But isolation does not mean to totally hide the reality. A VM seems like a physical system, but it’s possible to found if the system is physical or virtual.
Red pill refers to the truth behind a situation, especially a truth that is difficult to accept.
Red pill comes from the 1999 cult classic film, The Matrix. There’s a scene early on in the movie in which the main character, Neo, is offered two pills: a red one and a blue one. The red pill represents an awakening, but one that could be difficult and painful.
Recently at Pwn2Own the “Virtualization” category was introduced, and VMware was among the targets since Pwn2Own 2016.
Hypervisor’s scope is not to hide totally the presence of the virtualization layer, so thos red pills works well to identify the real world.
And by the way, if you look that the virtual hardware inside a VM you can easilly find the type of hypervisor checking the name of the virtual disks, the type of storage or network controllers, and other informantion.
For more information see also: A bunch of Red Pills: VMware Escapes