
New 'Phlashing' Attack Sabotages Hardware

Posted by timothy
from the not-so-nice dept.
yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."
  • by Anonymous Coward on Tuesday May 20, 2008 @09:31AM (#23474386)
    I'm sick of this naming phad.
  • by mambosauce (1236224) on Tuesday May 20, 2008 @09:37AM (#23474490)
    interesting research, but we should browbeat the research for calling it phlashing
  • by Kingrames (858416) on Tuesday May 20, 2008 @09:42AM (#23474544)
    Well, you probably wouldn't value a $30 router unless you were using it at the time.

    I can easily see this being an issue, if perhaps, someone attacked your router and destroyed it in the middle of a counter-strike match or a WoW arena matchup, for example.
  • by Coopjust (872796) on Tuesday May 20, 2008 @09:42AM (#23474546)
    Is it possible to exploit firmware from the outside, unless the person has enabled remote management and is using the default password?

    Those two rarely go hand in hand.

    However, I think we'll see a lot of trojans with firmware payloads. How many people use the WRT54G? And how many access points are unsecured with the name "linksys"? Those people probably didn't change their admin password.

    Simple solution: Hardware button. You have to press it to flash the router, and you have a minute after you press it to upload the firmware. Should be an easy thing to do and provide a great amount of protection.
  • by SargentDU (1161355) on Tuesday May 20, 2008 @09:44AM (#23474574)
    I agree! phlashing sounds like flashing! Stupid to use something that is phonically identical for different outcomes.
  • This is new? (Score:4, Insightful)

    by Timothy Brownawell (627747) <tbrownaw@prjek.net> on Tuesday May 20, 2008 @09:44AM (#23474582) Homepage Journal
    I'm pretty sure I remember stories about viruses that could destroy hardware, by doing things like making the drives seek in "funny" ways (past the edge of the disc or something?) or driving wired-together pins to opposite voltages. Those sound *really* permanent, where a bad flash can be fixed by anyone with the proper equipment (JTAG programmer) unless it does that same sort of thing.
  • by kalirion (728907) on Tuesday May 20, 2008 @10:00AM (#23474810)
    Why would flashing even be allowed through remote management? My router comes with instructions to not even risk flashing through a wireless LAN connection, much less the whole big world wide net.
  • by mweather (1089505) on Tuesday May 20, 2008 @10:08AM (#23474930)
    I think it's a bit more than a fad if it's been going on 40+ years.
  • Re:Bricking (Score:5, Insightful)

    by Linker3000 (626634) on Tuesday May 20, 2008 @10:21AM (#23475156) Journal
    Not a very difficult fix for any tech savvy person with surface mount device reworking equipment - or a soldering iron, a steady hand and a great deal of faith in their ability (or practical experience) to rework SMDs with the wrong kit.

    FTFY
  • by davidwr (791652) on Tuesday May 20, 2008 @10:29AM (#23475268) Homepage Journal
    I'm sorry, but every device out there should have two factory reset switches:

    1 to reset user data, akin to a standard BIOS "reset to factory settings"
    1 to re-flash the BIOS to the factory-installed version of the BIOS, to de-brick devices.

    Furthermore, if there is anything a user can do that is designed to update the machine in a way that's irreversible without a password setting a BIOS or boot password, a hardware switch should be pressed as the information is saved. While this won't prevent social engineering, it will prevent pure software exploits from making the hardware unusable.

  • Magic Bullet (Score:5, Insightful)

    by John Hasler (414242) on Tuesday May 20, 2008 @10:40AM (#23475438) Homepage
    > "Unfortunately, there isn't a magic bullet..."

    Yes there is. It's called a write-disable switch.
  • Re:Hardware Virus (Score:3, Insightful)

    by Captain Spam (66120) on Tuesday May 20, 2008 @10:51AM (#23475618) Homepage
    I heard of viruses like those back in that time frame, too. Though when I heard of them, they were reported as spinning the hard drive heads so fast that they overheated and warped.

    But in the end, I think those were all just email hoaxes. Ah, those were the good ol' days, when hoax emails were pranks like those and not phishing scams. Now I'm all nostalgic. :-)

    All things considered, though, I don't believe the head would ever be able to do what you're suggesting due to the head never actually touching the platters and there not being enough power in the head's servo motor to cause enough destabilization to the mechanics. Similarly, the overheat story wouldn't be possible, either, unless it was an exceptionally poorly-made drive which suffered overheat problems anyway.

    Still, THAT would be an effective DoS tool. :-)
  • Re:Bricking (Score:2, Insightful)

    by jonadab (583620) on Tuesday May 20, 2008 @10:52AM (#23475632) Homepage Journal
    Not very difficult *if* you have the replacement part, with a good BIOS on it. Which is probably only available bundled on another motherboard of exactly the same model and revision...
  • by Kjella (173770) on Tuesday May 20, 2008 @11:13AM (#23475992) Homepage
    The really clueless are often too afraid to break it to do anything dangerous. It's the semi-skilled people that are really dangerous, just enough to know such things as to flash a BIOS yet completely oblivious to any problems that might cause. They're the kind that'll disable the anti-virus and firewall if you let them, because it blocks whatever important thing they're doing. If anyone ever feels the need to utter "Trust me, I know what I'm doing" it's time to duck and take cover.
  • by marxmarv (30295) on Tuesday May 20, 2008 @12:48PM (#23477816) Homepage
    About two cents in quantity, plus a penny to drill the hole and stuff the part. Plus six or seven cents for the AND gate on the write line. Times several million.
  • by Stellian (673475) on Tuesday May 20, 2008 @02:50PM (#23480098)

    > I'm sorry, but every device out there should have two factory reset switches:

    Things like easily accessible switches and backup copies of the flash cost money. Granted, they don't cost very much, but when you are talking about millions of units things add up. Since these features are useless (i.e. will never be used) for 99.9% of the customers, the market forces will act to remove them.
    Besides, they are not really necessary if you simply engineer the old flash to accept only flashing with a digitally signed newer version. This takes a few KB of object code to implement, and will 100% block any type of software bricking, as long as the private key is secured by the manufacturer. Yes, I'd rather buy a locked down piece of hardware - that I'm not planning to run Linux on - instead of a 0.5$ more expensive or less secure, but open alternative.
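
The acceptance check described in the comment above (flash only a digitally signed, newer version), as an added Go example that is not part of the original thread or any vendor's code. The image layout, the function names and the fixed-seed demo key are assumptions made for illustration; Ed25519 stands in for whatever signature scheme a manufacturer would choose.

```go
package main
import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed layout (assumption): 4-byte big-endian version | payload | 64-byte Ed25519 signature over version+payload.
var (
	ErrMalformed = errors.New("image too short")
	ErrSignature = errors.New("signature check failed")
	ErrRollback  = errors.New("version not newer than installed")
)

// AcceptUpdate is run by the installed firmware, with its stored vendor public key, before it erases flash.
func AcceptUpdate(pub ed25519.PublicKey, installed uint32, img []byte) (uint32, error) {
	if len(img) < 4+ed25519.SignatureSize {
		return 0, ErrMalformed
	}
	split := len(img) - ed25519.SignatureSize
	// Verify first: no field, the version included, is trusted before this passes.
	if !ed25519.Verify(pub, img[:split], img[split:]) {
		return 0, ErrSignature
	}
	if v := binary.BigEndian.Uint32(img[:4]); v > installed {
		return v, nil
	}
	return 0, ErrRollback
}

// SignImage is the vendor-side step; the private key never ships on the device.
func SignImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	img := make([]byte, 4)
	binary.BigEndian.PutUint32(img, version)
	img = append(img, payload...)
	return append(img, ed25519.Sign(priv, img)...)
}

// DemoKeys derives a constructed key pair from a fixed seed so runs are repeatable.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKeys()
	fmt.Println(AcceptUpdate(pub, 7, SignImage(priv, 8, []byte("constructed payload"))))
}
```

Because the version number sits inside the signed region, an old signed image cannot be relabelled as newer without failing verification.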
