Exploit Found to Brick Most HP and Compaq Laptops

← Back to Stories (view on slashdot.org)

Exploit Found to Brick Most HP and Compaq Laptops

Posted by Soulskill on Thursday December 20, 2007 @12:01PM from the cool-looking-paperweight dept.

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."

19 of 294 comments (clear)

Min score:

Reason:

Sort:

Two points about the article's headline. by Whiney+Mac+Fanboy · 2007-12-20 13:02 · Score: 5, Informative

Two points about the article's headline:

1) The linked article does not describe a successful bricking. You can pop in your recovery CD & away you go.

2) This is a software problem, not a hardware problem. I doubt this exploit is going to work on my (old & crappy) HP sempron laptop, seeing as its dual booting Debian & OS X.

A better headline would be "Exploit found in HP update software" - but I guess that's just not that ad-revenue generating.

--
There are shills on slashdot. Apparently, I'm one of them.
1. Re:Two points about the article's headline. by Ignorant+Aardvark · 2007-12-20 13:05 · Score: 5, Informative
  
  It's annoying how the word brick has lost all meaning recently. If this exploit actually allowed bricking that would be huge news. But it doesn't. A computer that merely needs its OS repaired/reinstalled is not bricked. Slashdot editors, please figure that out already.
  
  --
  Cyde Weys Musings - Scrutinizing the inscrutable
2. Re:Two points about the article's headline. by Ian+Lamont · 2007-12-20 13:47 · Score: 5, Informative
  
  The original headline I submitted was: Researcher lists new HP/Compaq laptop exploits Not too far from your suggestion ...
3. Re:Two points about the article's headline. by multisync · 2007-12-20 13:59 · Score: 4, Informative
  
  I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it.
  
  Popping the hard drive in to one of those USB enclosures and copying your data files onto another machine before running the recovery CD looks after that. The summary says the exploit just corrupts Windows' kernel files. Assuming it doesn't do anything further to make your data unreadable, there is no reason to lose any data.
  
  --
  I don't care why you're posting AC
4. Re:Two points about the article's headline. by HAKdragon · 2007-12-20 14:04 · Score: 3, Informative
  
  He's probably running a hacked version of the Intel release of OSX. See http://wiki.osx86project.org/ for more info.
  
  --
  "Our opponent is an alien starship packed with atomic bombs. We have a protractor."
5. Re:Two points about the article's headline. by MorpheousMarty · 2007-12-20 14:06 · Score: 5, Informative
  
  Damn straight, I'm glad you got the comment in early. Bricking is one of the last pure computing terms around. Memory, CPU, Operating System, code, hack, have all come to mean a lot of things, but bricking still has specific meaning. If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else.
6. Re:Two points about the article's headline. by ehrichweiss · 2007-12-20 14:36 · Score: 5, Informative
  
  "If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else"
  
  I was under the impression that it was bricked if you couldn't bring it back without hacking the hardware. Like with the OpenWRT routers, they are said to be bricked if you install a bad firmware update but you can JTAG them and potentially bring them back. And that context has been around as long as I can remember.
  
  --
  0x09F911029D74E35BD84156C5635688C0
7. Re:Two points about the article's headline. by ScrewMaster · 2007-12-20 17:35 · Score: 4, Informative
  
  Exactly. The term implies that, from the perspective of its intended purpose, the device is as functional as a brick.
  
  --
  The higher the technology, the sharper that two-edged sword.
8. Re:Two points about the article's headline. by garbletext · 2007-12-20 18:41 · Score: 2, Informative
  
  At the risk of speaking in absolutes, no computer hardware warranty can be voided by any software you install, even unauthorized hacked OSX. HP claims an 'unwritten rule' where linux voids your warranty, but they likely mean that they won't support the software, which is completely understandable. UK retailer PC World got kicked around in the press, then relented for refusing to fix a broken hinge on a laptop with gentoo installed. Even if anyone did give you shit, you can always just install windows then try again.
  
  Unless you mean installing on a PC voids your OSX warranty/license, which is almost certainly the case.
9. Re:Two points about the article's headline. by ncc74656 · 2007-12-20 18:44 · Score: 3, Informative
  
  The summary says the exploit just corrupts Windows' kernel files.
  
  So how does the owner of a PC that did not come with a recovery CD get the kernel file back?
  
  HPs and Compaqs are the topic of TFA. These have either come with a set of recovery media or (more recently) a program that will burn them to CD-R or DVD-R. If the former is the case, you're all set. If the latter, and you didn't bother to make recovery discs, whose fault is that? (IIRC, it'll nag you to make them until you get around to it.)
  Lately, they've taken to putting an installable copy of Windows on one disc and installable copies of drivers and apps on the other disc(s)...that's nice for controlling how much shovelware gets loaded back on. It's not as fast as a Ghost (or whatever) image, but it's much more controllable.
  
  --
  20 January 2017: the End of an Error.
10. Re:Two points about the article's headline. by J0nne · 2007-12-20 18:51 · Score: 2, Informative
  
  Apologies for the possibly stupid question, but how are you booting OS X on an HP laptop?
  http://www.osx86project.org/
Argh by obeythefist · 2007-12-20 13:03 · Score: 4, Informative

This is NOT bricking. The OS is simply disabled and can be reinstalled/system repaired whatever.

Bricking means rendering the device completely inert and beyond normal repair methods.

--
I am government man, come from the government. The government has sent me. -- G.I.R.
Perhaps by Zebra_X · 2007-12-20 13:05 · Score: 3, Informative

We should revisit what "Brick" *actually* means: "When used in reference to electronics, "brick" describes a device that cannot function in any capacity (such as a machine with damaged firmware)." (Wikipedia)

Lately several submissions have used this term incorrectly. Come on, we're supposed to be nerds, not Cringely.
Brick? by wiredlogic · 2007-12-20 13:06 · Score: 3, Informative

Bricking refers to rendering a device inoperable in a more significant way than corrupting data on a hard drive. These machines can still be booted from external media and restored. A truly bricked device would have its firmware corrupted or suffer some sort of damage not easily repaired without specialist tools.

--
I am becoming gerund, destroyer of verbs.
Editors: Learn the meaning of words by MrBud · 2007-12-20 13:06 · Score: 2, Informative

Bricking means to render unbootable with no means of recovery other than sending back to the manufactures. This is usually done through the corruption of the firmware.
BS by Anonymous Coward · 2007-12-20 13:07 · Score: 2, Informative

Corrupt the BIOS = bricked. Corrupting Windows = not bricked.
Re:Okay, "bricked" was the wrong word...but! by erroneus · 2007-12-20 14:34 · Score: 2, Informative

"disabled by default" doesn't matter when applications require its use. We're not talking about "drive-by activex" installs. We're talking about exploitable holes in the OS through a browser control installed by a 3rd party or as required for access to a service.
You sure about that? by Anonymous Coward · 2007-12-20 15:05 · Score: 1, Informative

> Firehose: Exploit supposedly bricks most HP/Compaq laptops by Ian Lamont (1116549)

Usually, the Firehose version is exactly what you submitted and it only gets edited after acceptance. But maybe that doesn't apply to the title, I haven't paid close enough attention to be certain.
Good Grief by Kostya · 2007-12-21 01:30 · Score: 2, Informative

Come on people. I know it's all sensational and stuff to talk about bricking, but this ain't bricking. Bricking is when the device is now as "useful as a brick" or could literally be used only as a paper weight or a door stop. When it cannot be recovered or fixed, that's a brick. This is just a fouled up machine. Which viruses have been giving us since the early 90s when hard drives became standard in PCs.

It's like there's a bunch of kiddies out there who heard all the sensation about iPhones getting bricked (now that seemed like a genuine brick for quite a while) and now think that the cool term for screwed up is now "brick". Use some precision, for crying out loud.

--
"Doubt your doubts and believe your beliefs." -- Switchfoot, Ode to Chin