Exploit Found to Brick Most HP and Compaq Laptops

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."

Two points about the article's headline.

[Whiney+Mac+Fanboy]

Two points about the article's headline:

1) The linked article does not describe a successful bricking. You can pop in your recovery CD & away you go.

2) This is a software problem, not a hardware problem. I doubt this exploit is going to work on my (old & crappy) HP sempron laptop, seeing as its dual booting Debian & OS X.

A better headline would be "Exploit found in HP update software" - but I guess that's just not that ad-revenue generating.

Re:Two points about the article's headline.

[Ignorant+Aardvark]

It's annoying how the word brick has lost all meaning recently. If this exploit actually allowed bricking that would be huge news. But it doesn't. A computer that merely needs its OS repaired/reinstalled is not bricked. Slashdot editors, please figure that out already.

Re:Two points about the article's headline.

[Ian+Lamont]

The original headline I submitted was: Researcher lists new HP/Compaq laptop exploits Not too far from your suggestion ...

Re:Two points about the article's headline.

[multisync]

I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it.

Popping the hard drive in to one of those USB enclosures and copying your data files onto another machine before running the recovery CD looks after that. The summary says the exploit just corrupts Windows' kernel files. Assuming it doesn't do anything further to make your data unreadable, there is no reason to lose any data.

Re:Two points about the article's headline.

[MorpheousMarty]

Damn straight, I'm glad you got the comment in early. Bricking is one of the last pure computing terms around. Memory, CPU, Operating System, code, hack, have all come to mean a lot of things, but bricking still has specific meaning. If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else.

Re:Two points about the article's headline.

[ehrichweiss]

"If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else"

I was under the impression that it was bricked if you couldn't bring it back without hacking the hardware. Like with the OpenWRT routers, they are said to be bricked if you install a bad firmware update but you can JTAG them and potentially bring them back. And that context has been around as long as I can remember.

Re:Two points about the article's headline.

[ScrewMaster]

Exactly. The term implies that, from the perspective of its intended purpose, the device is as functional as a brick.

Argh

[obeythefist]

This is NOT bricking. The OS is simply disabled and can be reinstalled/system repaired whatever.

Bricking means rendering the device completely inert and beyond normal repair methods.