New 'Phlashing' Attack Sabotages Hardware 242
yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."
I had no clue people still upgraded firmwares. (Score:3, Interesting)
I can't tell you the last time upgraded the bios on a motherboard. I think it was an older P3 Dell PowerEdge because I was installing Linux on it.
Read-only switch (Score:5, Interesting)
Surely this isn't that much of a problem (Score:4, Interesting)
To me this looks like talking up a non existent problem - but I'm open to persuasion otherwise.
Re:I had no clue people still upgraded firmwares. (Score:2, Interesting)
I used to work with a Sys Admin like that (Score:5, Interesting)
Lets be clear about how dumb this person was, he had a BIOS that worked on his test servers and would then apply that to all the other servers INDEPENDENT OF HARDWARE OR OS. He would then start the machines (which of course wouldn't start) declare them "broken" and say the issue was with the software.
We did some low level hardware stuff in our software and it did break the boxes sometimes so it took 2 months of painful testing and debugging which found nothing, it only came about because one of the team had a heavy night and decided to "rest" in the server room and saw the moron apply the BIOS to a server that had been running and then scurry out to blame the team again.
Basic rule after then was BIOS set to read-only and locked down with a secure password, to this day my BIOS has a password thanks to the sheer physical shock of realising how dumb some people can be.
Re:This is new? (Score:3, Interesting)
Re:In Italy (Score:2, Interesting)
And no, I'm not going to tell you who my ISP is.
Hardware Virus (Score:4, Interesting)
Anyone else remember this? I had only seen it once and have never been able to find a reference to it.
This would have been in the mid '90s. I have been wracking my brain over finding it since then.
Anyone else who has heard of this, reply and let me know.
Re:Bricking (Score:3, Interesting)
Re:Surely this isn't that much of a problem (Score:1, Interesting)
What if one were able to upload firmware from device type A, a certain DVD-Writer, to device type B, a CD-ROM? I realize it isn't the best example, but wouldn't having the wrong firmware type (not just a different hacked version of the same type of drive) completely brick that hardware? From that standpoint, I don't think the firmware would have to be "targeted" per se.
One could of course create a program that detects f.ex. which manufacturer's motherboard you are using and then take the necessary steps to flash the firmware but then you'd still have to create atleast a dozen different implementations.
As for the article..this is NOTHING NEW! There has been such malware/viruses in the wild even before that could brick certain motherboards in use. The word used for such attacks has been "bricking", so why invent some new and "cool" word for it now all of a sudden?
source of the name (Score:5, Interesting)
I am not making this up: less than a week ago, I woke up thinking: what to firmware, BIOS, TPM, and IPMI have in common? They'd all be great vectors for bricking a machine.
Damaged hardware might finally get people to care (Score:1, Interesting)
If one botnet got taken over and the disks on that botnet's host got passwords set on them and the resulting mess got good press, the spamming industry might actually take a big hit.
Re:Nothing to see, move on folks. (Score:3, Interesting)
It is of interest. Think about it. If you wanted to do damage to company xyz, you social engineer the information for what PCs they are using, the CD hardware etc., routers, blah blah blah... then silently release a worm or virus that redirects them to your special webpage. brick brick brick brick until their productivity grinds to a halt.... if some get bricked for the CD, others for the motherboard, others because of routers... it matters not. What is being shown is that it is POSSIBLE to do this.
In this day and age, shame on your for dismissing it as not possible. May your body rot next to that of the designer of the Titanic. If it can happen, it will, and probably already is. I could write a virus that is undetected, and does nothing but look for people who have a bill.gates in their address book, and upon finding one, sit patiently, wait till idle time, then delete the oldest
Perhaps your virus waits till it sees acks from 40 other machines on the same LAN segment, then they all start bricking things?
This *IS* of interest. Welcome to Tuesday.
Re:Hardware Virus (Score:5, Interesting)
Re:I had no clue people still upgraded firmwares. (Score:5, Interesting)
Business wise: I would go higher end as time==money. Better reliability can be afforded.
It does what I want it to do, and it does it well. And cheap.
Already done in 1998 (Score:5, Interesting)
Re:This is new? (Score:3, Interesting)
In the good old DOS PC days when 10Mb hard disks were 'big' and 'Stoned' was probably the only wild virus ever found on the lab machines..
There was an issue wrt Stoned I think, or some other virus of the time whose name escapes me, its final action was to zap the old MFM hard disks via some low level init call, but, this wasn't fatal as we could get the info back off them with a bit of faffing, however, the first generation of those new fangled IDE disks, the same init call permanently screwed the disks.
It killed a number of expensive large (40Mb) hard disks back then in the lab..thanks mainly to one serial offender who disabled the virus scanners on these new machines when they stopped him running infected code off floppies. (don't ask, the guy was a serious pain..)
I also remember a fun summer spent manually repositioning the heads on a bunch of MFM drives by trial and error which had 'gone faulty' after virus infestation, turned out there was a small grub screw which worked loose on an optical interrupter on the head positioning motor shaft if the drive was particularly hammered (lots of seeks over a short period of time etc). There was an opening of the case and a lot of twiddling and adjusting whilst watching the position of the heads over the platters (not carried out in a clean, dust free environment I hasten to add). As that was one brand of HD, I doubt it was a targeted effect of a virus though, just bad design.
My memory is vague on this, as I was more hardware design and Sun support..
Re:Pharphetched naming (Score:2, Interesting)
Each time I read this, it gets easier to read the final paragraph. However, it still has at least two issues. The first is the overloading of the v with w which have different sounds. The second is that British English has about 11 non-dipthong vowels (which is really most of the issue with spelling), and the "new spelling system" (let's call it a Rechtschreibung) doesn't really address that. This of course, can also lead to the issues of sh and ch. Although if you left sh as the s symbol, you wouldn't be able to drop a letter from the keyboard. Furthermore, does Z replace th as in thin or th as in than? If it replaces both, there is not advantage to its replacement.
Since we are inclined to speak of a Rechtschreibung, can we address issues like it's versus its? Perhaps, we can add back some of our missing pronouns (i.e. wit to mean you, I, and maybe others versus I and others, excluding you; gé to mean plural you). Oh, the list can go on for some time, but if we propose a Rechtschreibung, we should do it right.
</pedantic>
This is not really new.. (Score:5, Interesting)
Something about the people there always saying "there's nothing you can type on the computer that will hurt it..."
Re:I had no clue people still upgraded firmwares. (Score:3, Interesting)
Not that comfortable with doing it yourself? Buy an http://www.imagestream.com/ [imagestream.com]ImageStream Envoy or Transport, then. It'll cost you a little more (I think a brand new Transport is about $800, but the Envoy is a lot less), and it'll smoke any Cisco up to 3-5X the price
Re:source of the name (Score:1, Interesting)
We went through several Motherboards before we realized what was going on. At with point we removed the "enable flash update" jumper from the board and were able to clean the virus out.
But they can't patent it because there's prior art (Score:3, Interesting)
These days, though, I suppose that he'd probably be charged with something. The smart thing to do if you learn of such bugs is probably to not notify anyone, especially not the vendor or your employer. Instead, you quietly offer the information (for a price of course) to various "interested parties" for whatever use they'd like to make of it.
Another time, some students figured out a bug in Univac's tape drives. They found code that sent commands to spool forward and rewind with timing such that the drive did both - which snapped the tape. They were also not believed, so they demoed it. They submitted a job that asked for a scratch tape, wrote a few KB of data, and snapped the tape. Then it asked for another scratch tape. It didn't take too many tapes before the operators figured out that they should call in the CS people.
I'll bet that others here have a bunch of similar stories. And nonetheless, a future story will be the patenting of using such bugs for "PDOS" attacks. Probably by our favorite whipping boy, Microsoft, who will patent such attacks as a way of enforcing licensing restrictions or DRM.
Maybe the fellow the story is about can get the patent first