New 'Phlashing' Attack Sabotages Hardware
yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."
Pharphetched naming (Score:5, Insightful)
thank you for another buzzword (Score:2, Insightful)
Re:I had no clue people still upgraded firmwares. (Score:3, Insightful)
I can easily see this being an issue, if perhaps, someone attacked your router and destroyed it in the middle of a counter-strike match or a WoW arena matchup, for example.
How is the mechanism exploited? (Score:5, Insightful)
Those two rarely go hand in hand.
However, I think we'll see a lot of trojans with firmware payloads. How many people use the WRT54G? And how many access points are unsecured with the name "linksys"? Those people probably didn't change their admin password.
Simple solution: Hardware button. You have to press it to flash the router, and you have a minute after you press it to upload the firmware. Should be an easy thing to do and provide a great amount of protection.
Re:thank you for another buzzword (Score:3, Insightful)
This is new? (Score:4, Insightful)
Re:How is the mechanism exploited? (Score:4, Insightful)
Re:Pharphetched naming (Score:3, Insightful)
Re:Bricking (Score:5, Insightful)
FTFY
Everything should have a factory reset switch (Score:5, Insightful)
1 to reset user data, akin to a standard BIOS "reset to factory settings"
1 to re-flash the BIOS to the factory-installed version of the BIOS, to de-brick devices.
Furthermore, if there is anything a user can do that is designed to update the machine in a way that's irreversible without a password setting a BIOS or boot password, a hardware switch should be pressed as the information is saved. While this won't prevent social engineering, it will prevent pure software exploits from making the hardware unusable.
Magic Bullet (Score:5, Insightful)
Yes there is. It's called a write-disable switch.
Re:Hardware Virus (Score:3, Insightful)
But in the end, I think those were all just email hoaxes. Ah, those were the good ol' days, when hoax emails were pranks like those and not phishing scams. Now I'm all nostalgic.
All things considered, though, I don't believe the head would ever be able to do what you're suggesting due to the head never actually touching the platters and there not being enough power in the head's servo motor to cause enough destabilization to the mechanics. Similarly, the overheat story wouldn't be possible, either, unless it was an exceptionally poorly-made drive which suffered overheat problems anyway.
Still, THAT would be an effective DoS tool.
Re:Bricking (Score:2, Insightful)
Re:I used to work with a Sys Admin like that (Score:3, Insightful)
Re:Read-only switch (Score:4, Insightful)
Re:Everything should have a factory reset switch (Score:3, Insightful)
Besides they are not really necessary if you simply engineer the old flash to accept only flashing with a digitally signed newer version. This takes a few KB of object code to implement, and will 100% block any type of software bricking, as long as the private key is secured by the manufacturer. Yes, I'd rather buy a locked down piece of hardware - that I'm not planning to run Linux on - instead of a 0.5$ more expensive or less secure, but open alternative.
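The check described in the last comment (flash only an image that is digitally signed and newer than the installed one), as an added example that is not part of the original thread or any vendor's code. It assumes RSA PKCS#1 v1.5 with SHA-256 and a 4-byte version field covered by the signature; the key is a constructed, deliberately weak test key, and `vendor_sign` and `accept_update` are hypothetical names.

```python
import hashlib

# Constructed TEST key built from two known Mersenne primes: trivially factorable,
# for demonstration only. A real vendor key is generated randomly and kept offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                  # public modulus, baked into the bootloader
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, stays with the manufacturer
K = (N.bit_length() + 7) // 8              # modulus length in bytes
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def _signed_blob(version: int, image: bytes) -> bytes:
    # The version is covered by the signature so it cannot be edited separately.
    return version.to_bytes(4, "big") + image

def vendor_sign(version: int, image: bytes) -> bytes:
    """Manufacturer side (hypothetical helper): sign version || image."""
    m = int.from_bytes(_encode(_signed_blob(version, image)), "big")
    return pow(m, D, N).to_bytes(K, "big")

def accept_update(installed: int, version: int, image: bytes, sig: bytes) -> str:
    """Device side: decide whether the flash routine may write this image."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return "reject: malformed signature"
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    # Compare the whole encoded block, not just the trailing hash.
    if recovered != _encode(_signed_blob(version, image)):
        return "reject: bad signature"
    if version <= installed:
        return "reject: not newer than installed version"
    return "accept"

if __name__ == "__main__":
    image = b"constructed firmware image bytes"
    sig = vendor_sign(7, image)
    print(accept_update(6, 7, image, sig))
    print(accept_update(6, 7, image + b"\x00", sig))
    print(accept_update(7, 7, image, sig))
```

The device needs only `N` and `E`; the installed version it compares against has to live in storage that the update path itself cannot rewrite, otherwise the "newer" test can be reset.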