Exploit Found to Brick Most HP and Compaq Laptops

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."

Two points about the article's headline.

[Whiney+Mac+Fanboy]

Two points about the article's headline:

1) The linked article does not describe a successful bricking. You can pop in your recovery CD & away you go.

2) This is a software problem, not a hardware problem. I doubt this exploit is going to work on my (old & crappy) HP sempron laptop, seeing as its dual booting Debian & OS X.

A better headline would be "Exploit found in HP update software" - but I guess that's just not that ad-revenue generating.

Re:Two points about the article's headline.

[Ignorant+Aardvark]

It's annoying how the word brick has lost all meaning recently. If this exploit actually allowed bricking that would be huge news. But it doesn't. A computer that merely needs its OS repaired/reinstalled is not bricked. Slashdot editors, please figure that out already.

Re:Two points about the article's headline.

[Ian+Lamont]

The original headline I submitted was: Researcher lists new HP/Compaq laptop exploits Not too far from your suggestion ...

Re:Two points about the article's headline.

[multisync]

I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it.

Popping the hard drive in to one of those USB enclosures and copying your data files onto another machine before running the recovery CD looks after that. The summary says the exploit just corrupts Windows' kernel files. Assuming it doesn't do anything further to make your data unreadable, there is no reason to lose any data.

Re:Two points about the article's headline.

[HAKdragon]

He's probably running a hacked version of the Intel release of OSX. See http://wiki.osx86project.org/ for more info.

Re:Two points about the article's headline.

[MorpheousMarty]

Damn straight, I'm glad you got the comment in early. Bricking is one of the last pure computing terms around. Memory, CPU, Operating System, code, hack, have all come to mean a lot of things, but bricking still has specific meaning. If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else.

Re:Two points about the article's headline.

[ehrichweiss]

"If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else"

I was under the impression that it was bricked if you couldn't bring it back without hacking the hardware. Like with the OpenWRT routers, they are said to be bricked if you install a bad firmware update but you can JTAG them and potentially bring them back. And that context has been around as long as I can remember.

Re:Two points about the article's headline.

[ScrewMaster]

Exactly. The term implies that, from the perspective of its intended purpose, the device is as functional as a brick.

Re:Two points about the article's headline.

[ncc74656]

The summary says the exploit just corrupts Windows' kernel files.

So how does the owner of a PC that did not come with a recovery CD get the kernel file back?

HPs and Compaqs are the topic of TFA. These have either come with a set of recovery media or (more recently) a program that will burn them to CD-R or DVD-R. If the former is the case, you're all set. If the latter, and you didn't bother to make recovery discs, whose fault is that? (IIRC, it'll nag you to make them until you get around to it.)

Lately, they've taken to putting an installable copy of Windows on one disc and installable copies of drivers and apps on the other disc(s)...that's nice for controlling how much shovelware gets loaded back on. It's not as fast as a Ghost (or whatever) image, but it's much more controllable.

Argh

[obeythefist]

This is NOT bricking. The OS is simply disabled and can be reinstalled/system repaired whatever.

Bricking means rendering the device completely inert and beyond normal repair methods.

Perhaps

[Zebra_X]

We should revisit what "Brick" *actually* means: "When used in reference to electronics, "brick" describes a device that cannot function in any capacity (such as a machine with damaged firmware)." (Wikipedia)

Lately several submissions have used this term incorrectly. Come on, we're supposed to be nerds, not Cringely.

Brick?

[wiredlogic]

Bricking refers to rendering a device inoperable in a more significant way than corrupting data on a hard drive. These machines can still be booted from external media and restored. A truly bricked device would have its firmware corrupted or suffer some sort of damage not easily repaired without specialist tools.