New 'Phlashing' Attack Sabotages Hardware

Posted by timothy on Tue May 20, 2008 09:29 AM
from the not-so-nice dept.
yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."

  • by Anonymous Coward on Tuesday May 20 2008, @09:31AM (#23474386)
    I'm sick of this naming phad.
    • by Thanshin (1188877) on Tuesday May 20 2008, @09:45AM (#23474588)
      I pheel it phaitphully phollows the phirst uses oph it.
      • by davidpbrown (757067) on Tuesday May 20 2008, @09:56AM (#23474742) Homepage
        Reminds me of the European Commission

        The European Commission has announced an agreement whereby English will be the official language of the EU, rather than German, which was the other contender. Her Majesty's Government conceded that English spelling had room for improvement and has therefore accepted a five-year phasing in of "Euro-English".

        In the first year, "s" will replace the soft "c". Sertainly, this will make sivil servants jump for joy. The hard "c" will be dropped in favour of the "k", Which should klear up some konfusion and allow one key less on keyboards.

        There will be growing publik enthusiasm in the sekond year, when the troublesome "ph" will be replaced with "f", making words like "fotograf" 20% shorter.

        In the third year, publik akseptanse of the new spelling kan be expekted to reach the stage where more komplikated changes are possible. Governments will enkourage the removal of double letters which have always ben a deterent to akurate speling. Also, al wil agre that the horible mes of the silent "e" is disgrasful.

        By the fourth yer, peopl wil be reseptiv to steps such as replasing "th" with "z" and "w" with "v".

        During ze fifz yer, ze unesesary "o" kan be dropd from vords kontaining "ou" and similar changes vud of kors be aplid to ozer kombinations of leters. After zis fifz yer, ve vil hav a reli sensibl riten styl. Zer vil be no mor trubls or difikultis and everivun vil find it ezi to understand ech ozer. ZE DREM VIL FINALI COM TRU!

        Herr Schmidt
    • by Kamineko (851857) on Tuesday May 20 2008, @09:46AM (#23474608)
      It sure as hell beats phbricked.
    • source of the name (Score:5, Interesting)

      by straponego (521991) on Tuesday May 20 2008, @10:15AM (#23475042)
      PHLASH.EXE is the name of Phoenix's BIOS upgrade tool.

      I am not making this up: less than a week ago, I woke up thinking: what do firmware, BIOS, TPM, and IPMI have in common? They'd all be great vectors for bricking a machine.

  • Read-only switch (Score:5, Interesting)

    by ettlz (639203) on Tuesday May 20 2008, @09:36AM (#23474468) Homepage Journal
    ...or jumper. How much more would that cost?
  • Bricking (Score:5, Funny)

    by ThrudTheBarbarian (670936) on Tuesday May 20 2008, @09:37AM (#23474484)
    FINALLY! *This* is bricking
      • Re:Bricking (Score:5, Insightful)

        by Linker3000 (626634) on Tuesday May 20 2008, @10:21AM (#23475156)
        Not a very difficult fix for any tech savvy person with surface mount device reworking equipment - or a soldering iron, a steady hand and a great deal of faith in their ability (or practical experience) to rework SMDs with the wrong kit.

        FTFY
  • by Coopjust (872796) on Tuesday May 20 2008, @09:42AM (#23474546)
    Is it possible to exploit firmware from the outside, unless the person has enabled remote management and is using the default password?

    Those two rarely go hand in hand.

    However, I think we'll see a lot of trojans with firmware payloads. How many people use the WRT54G? And how many access points are unsecured with the name "linksys"? Those people probably didn't change their admin password.

    Simple solution: Hardware button. You have to press it to flash the router, and you have a minute after you press it to upload the firmware. Should be an easy thing to do and provide a great amount of protection.
  • by Zerth (26112) on Tuesday May 20 2008, @09:42AM (#23474560) Homepage
    Phlashing? And he calls his demo code PhlashDance? Good way to make this seem completely silly. "Damn it, we've been phlashdanced!" That'll really get management to up your security budget, if they ever stop laughing.

    It figures that when "bricking" might be remotely appropriate, they pick something worse.

    It could have been remote bricking, BOIP(brick over IP), brick-and-run, packet bricking, warbricking.

    Even brick-o-gram(landshark).

    Sigh...
  • by Malevolent Tester (1201209) * on Tuesday May 20 2008, @09:47AM (#23474626) Journal
    Dear Sir, I am the former son of the Nigerian dictator Sonni Abacha. I would like to give you several million dollars. To receive this, please add a static IP to your D-Link router and reboot it.
  • by MosesJones (55544) on Tuesday May 20 2008, @09:49AM (#23474648) Homepage
    He used to be able to turn any working piece of kit into a piece of metal art in about 20 seconds, EVERYTHING was always a BIOS issue and he would NEVER check with anyone before replacing the BIOS.

    Let's be clear about how dumb this person was, he had a BIOS that worked on his test servers and would then apply that to all the other servers INDEPENDENT OF HARDWARE OR OS. He would then start the machines (which of course wouldn't start) declare them "broken" and say the issue was with the software.

    We did some low level hardware stuff in our software and it did break the boxes sometimes so it took 2 months of painful testing and debugging which found nothing, it only came about because one of the team had a heavy night and decided to "rest" in the server room and saw the moron apply the BIOS to a server that had been running and then scurry out to blame the team again.

    Basic rule after then was BIOS set to read-only and locked down with a secure password, to this day my BIOS has a password thanks to the sheer physical shock of realising how dumb some people can be.
     
  • by g051051 (71145) on Tuesday May 20 2008, @10:09AM (#23474940) Homepage
    This isn't exactly a new problem...in the early days, you could fry a monitor by setting the video card to absurd refresh rates, and you could destroy hard disks by issuing bogus stepping commands to the heads and slamming them into the stops.
  • by garett_spencley (193892) on Tuesday May 20 2008, @10:14AM (#23475026) Journal
    The last time I "phlashed" someone in real-life I received a permanent injunction and restraining order from a very nice judge in court. I guess you can call that a permanent denial of service.
  • I'm sorry, but every device out there should have two factory reset switches:

    1 to reset user data, akin to a standard BIOS "reset to factory settings"
    1 to re-flash the BIOS to the factory-installed version of the BIOS, to de-brick devices.

    Furthermore, if there is anything a user can do that is designed to update the machine in a way that's irreversible without a password setting a BIOS or boot password, a hardware switch should be pressed as the information is saved. While this won't prevent social engineering, it will prevent pure software exploits from making the hardware unusable.

  • Magic Bullet (Score:5, Insightful)

    by John Hasler (414242) on Tuesday May 20 2008, @10:40AM (#23475438)
    > "Unfortunately, there isn't a magic bullet..."

    Yes there is. It's called a write-disable switch.
    • by trongey (21550) on Tuesday May 20 2008, @10:30AM (#23475298) Homepage

      Sometimes I wonder the mindset that even goes into creating something like this. ... I can understand if mobster types are trying to do a virtual bank robbery,...
      Close. It's called extortion. You do this to one of a site's machines. Then you send the demand for payment with a threat to do it to the rest of their machines. It's been happening to gambling and porn sites for years since law enforcement agencies don't usually get in a hurry to apprehend people who attack those sites. They have been using DDoS, so this would just be a bigger hammer.
    • Re:Hardware Virus (Score:5, Interesting)

      by Anonymous Coward on Tuesday May 20 2008, @10:37AM (#23475388)
      I experimented with a technique (that worked) on the Commodore 64. You could address the floppy drive directly to move the drive head to the innermost position, which was on the opposite side of the "track 0" microswitch. Then you deliberately crash the CPU on the drive. When it POSTs it moves the head inward to track 0 to initialize. Since the head is on the wrong side of the switch it never gets there, makes a terrible noise, and gives up.