Slashdot Mirror


Exploit Found to Brick Most HP and Compaq Laptops

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."

33 of 294 comments

  1. Two points about the article's headline. by Whiney Mac Fanboy · · Score: 5, Informative

    Two points about the article's headline:

    1) The linked article does not describe a successful bricking. You can pop in your recovery CD & away you go.

    2) This is a software problem, not a hardware problem. I doubt this exploit is going to work on my (old & crappy) HP sempron laptop, seeing as it's dual booting Debian & OS X.

    A better headline would be "Exploit found in HP update software" - but I guess that's just not that ad-revenue generating.

    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:Two points about the article's headline. by Ignorant Aardvark · · Score: 5, Informative

      It's annoying how the word brick has lost all meaning recently. If this exploit actually allowed bricking that would be huge news. But it doesn't. A computer that merely needs its OS repaired/reinstalled is not bricked. Slashdot editors, please figure that out already.

    2. Re:Two points about the article's headline. by smittyoneeach · · Score: 4, Funny

      All in all, it was just a brick in the wall.

      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    3. Re:Two points about the article's headline. by abigor · · Score: 4, Interesting

      Apologies for the possibly stupid question, but how are you booting OS X on an HP laptop?

    4. Re:Two points about the article's headline. by Ian Lamont · · Score: 5, Informative

      The original headline I submitted was: "Researcher lists new HP/Compaq laptop exploits". Not too far from your suggestion ...

    5. Re:Two points about the article's headline. by Nosklo · · Score: 5, Insightful

      But do these computers come with a recovery CD, or just a recovery partition? I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it. The point is, if you can use the computer after the exploit, it is not a brick, so it is not *bricked*. If you lost your documents or not has nothing to do with it.
      --
      find -name "*base*" -exec chown us {} \; ; ln -s /dev/zero /dev/chance ; make time
    6. Re:Two points about the article's headline. by multisync · · Score: 4, Informative

      > I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it.


      Popping the hard drive in to one of those USB enclosures and copying your data files onto another machine before running the recovery CD looks after that. The summary says the exploit just corrupts Windows' kernel files. Assuming it doesn't do anything further to make your data unreadable, there is no reason to lose any data.
      --
      I don't care why you're posting AC
    7. Re:Two points about the article's headline. by MorpheousMarty · · Score: 5, Informative

      Damn straight, I'm glad you got the comment in early. Bricking is one of the last pure computing terms around. Memory, CPU, Operating System, code, hack, have all come to mean a lot of things, but bricking still has specific meaning. If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else.

    8. Re:Two points about the article's headline. by caluml · · Score: 4, Funny

      fe1 ~ # echo Brick! | wall

      Broadcast message from root (Fri Dec 21 02:16:49 2007):

      Brick!
      fe1 ~ #
      Wonder what any users on there will think?
    9. Re:Two points about the article's headline. by smittyoneeach · · Score: 5, Funny

      > users on there will think
      Optimist.
      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    10. Re:Two points about the article's headline. by ehrichweiss · · Score: 5, Informative

      "If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else"

      I was under the impression that it was bricked if you couldn't bring it back without hacking the hardware. Like with the OpenWRT routers, they are said to be bricked if you install a bad firmware update but you can JTAG them and potentially bring them back. And that context has been around as long as I can remember.

      --
      0x09F911029D74E35BD84156C5635688C0
    11. Re:Two points about the article's headline. by ConceptJunkie · · Score: 5, Funny

      Slashdot has editors?!

      --
      You are in a maze of twisty little passages, all alike.
    12. Re:Two points about the article's headline. by ScrewMaster · · Score: 4, Informative

      Exactly. The term implies that, from the perspective of its intended purpose, the device is as functional as a brick.

      --
      The higher the technology, the sharper that two-edged sword.
    13. Re:Two points about the article's headline. by Anonymous Coward · · Score: 5, Funny
      We don't need no exploitation,
      Block all Active-X controls,
      No Javashitting in my browser,
      Lame-ass spammers, lick my hole,

      HEY! CRACKERS!, face the fire-wall!
      > All in all, it was just a brick in the wall. (Guitar solo singing Fixed-it-for-you)
      All in all, a pack-et, blocked by my fire-wall.

    14. Re:Two points about the article's headline. by totally bogus dude · · Score: 4, Insightful

      Does it encrypt the data, or just set the folder ACLs so it can't be accessed?

      If it's just ACLs, then you can read it from anywhere. Linux's NTFS support ignores ACLs for example, because it's going to have a very hard time trying to make them map to anything sensible. On another Windows box the SUIDs will be unknown but respected, but you should be able to take ownership of the folder and reset the permissions.

      If it IS encrypted, that's another matter.

    15. Re:Two points about the article's headline. by 1u3hr · · Score: 5, Insightful
      > Notwithstanding its actual existing specific meaning, "bricked" is fairly obviously now a slang term for when something electronic is, temporarily or permanently, inoperative.

      No, it is being used by some headline writers like that. But not anyone knowledgeable. It still means "permanently", not "temporarily" fucked. In this article, for instance, the post by the "hacker" who found this never uses the word "brick". Only the sensationalist headline writer.

    16. Re:Two points about the article's headline. by mr_mischief · · Score: 4, Interesting

      There used to be a virus that slipped past the OS and triggered a BIOS flash on certain boards, and flashed the virus into the BIOS. The only ways to get it out were to buy a new MB, buy a new BIOS chip from the MB or BIOS manufacturer, flash the chip in a dedicated chip data loader, or replace it temporarily with a friend's BIOS chip, boot, swap out the chips on the live board, reflash, and hope you didn't fry the board or the chip. The board generally wasn't dual-BIOS, and worst of all IIRC was that the BIOS chip for many of the affected boards was soldered instead of socketed. The virus was called CIH or Chernobyl.

      There was back in the days of DOS and ESDI, MFM, and early IDE drives, when it was the user's responsibility to run a drive head parking utility (properly configured for the right cylinder count for parking out past the edge of the drive) before physically moving the machine because auto-parking wasn't built into drives yet, a virus that did something really nasty. It'd take the cylinder count for your drive, cut that in half, set your park cylinder to that number, and tell the drive to park and shut down. The heads would move to the center of the platters, the spindle would slow down on its way to stopping, the air cushion between head and platter went away, and the heads plowed into the platters either then or when the drive would spin back up. I don't recall the name of this one.

      Either of these could be considered bricking actual hardware, but you probably won't ever have to worry about Chernobyl and the other is obsolete.

  2. According to my sources... by Spy der Mann · · Score: 5, Funny

    there's a patch available, but it involves penguins ;-)

    1. Re:According to my sources... by alx5000 · · Score: 5, Funny

      Linux. The OS even bricks can run.

      --
      My 0.02 cents
  3. Argh by obeythefist · · Score: 4, Informative

    This is NOT bricking. The OS is simply disabled and can be reinstalled/system repaired whatever.

    Bricking means rendering the device completely inert and beyond normal repair methods.

    --
    I am government man, come from the government. The government has sent me. -- G.I.R.
    1. Re:Argh by obeythefist · · Score: 4, Interesting

      Ahh, it's not at all, that reminds me of the old joke:

      A couple goes on vacation to a fishing resort. The husband likes to fish at the crack of dawn. The wife likes to read. One morning the husband returns after several hours of fishing and decides to take a short nap. Although she isn't familiar with the lake, the wife decides to take the boat. She motors out a short distance, anchors, and continues to read her book. Along comes the game warden in his boat. He pulls up alongside her and says,"Good morning, Ma'am, what are you doing?" "Reading my book," she replies, thinking isn't that obvious? "You're in a restricted fishing area," he informs her. "But officer, I'm not fishing. Can't you see that?" "Yes, but you have all the equipment. I'll have to take you in and write you up." "If you do that, I'll have to charge you with rape," says the woman. "But I haven't even touched you," says the game warden. "That's true, but you do have all the equipment."

      The capability does not equal the crime, thankfully, so while you might put the laptop in a position it's brickable, it's not. Also, with dual bios's, bricking something like a laptop requires quite a bit of effort!

      --
      I am government man, come from the government. The government has sent me. -- G.I.R.
  4. !BRICK FFS by caitsith01 · · Score: 5, Insightful

    Corrupting a Windows install does NOT BRICK A GOD DAMNED LAPTOP. You can reinstall Windows and it will work. Therefore it is not a brick, it is not bricked, it has no aspect of brickishness, not even a hint of brickening.

    What the HELL is wrong with you morons??? Do you even read Slashdot discussions? This has been pointed out over and over and over again.

    Bricking involves killing something dead in such a way that it becomes, in effect, an expensive paperweight or 'brick' if you will. As you are clearly retarded, let me explain that a 'brick' is typically a rectangular piece of clay or similar material hardened in a furnace and used to construct buildings and other structures, and usually has no functionality beyond this. Unlike the device in this story, reinstalling Windows on an actual brick will not lead to increased capabilities.

    --
    Read Pynchon.
    1. Re:!BRICK FFS by Anonymous Coward · · Score: 5, Funny

      > Corrupting a Windows install does NOT BRICK A GOD DAMNED LAPTOP.

      If it did, then Windows would be considered self-bricking.

    2. Re:!BRICK FFS by JK_the_Slacker · · Score: 5, Funny

      I beg to differ. I've seen bricks used as paperweights, doorstops, melee weapons, missiles, jackstands, stepping stools, water-saving devices, exercise equipment, depth probes, counterweights, tourist attractions, ballast, keyless entry devices, cookware, heating elements, hammers...

      I will not have you slandering the name of the noble and versatile brick!

      --
      I'm waiting for a "-1 somepeoplejustshouldn'tgetmodprivileges" meta-moderation.
  5. Bricked? by T-Bone-T · · Score: 5, Funny

    Did anybody mention that they used "bricked" incorrectly?

  6. porkythepig by RockMFR · · Score: 4, Funny

    It will l-l-l-let an attacker corrupt W-w-w-windows! T-t-t-that's all folks!

  7. From the exploit description by The MAZZTer · · Score: 4, Insightful

    It sounds like the user needs to be using Internet Explorer in order to be vulnerable. I doubt anything happens on Firefox or other browser since there is purposely no ActiveX support there.

    Also I note that the exploit description itself never uses the inaccurate word "brick".

  8. Okay, "bricked" was the wrong word...but! by erroneus · · Score: 4, Interesting

    The story is yet another illustration of how dangerous ActiveX is. This is not the first example and it probably won't be the last. So many other things depend on or otherwise utilize activex... some are highly security sensitive like in the case of ADP. I cannot understand why, after all these years of examples why Microsoft hasn't recalled the use of the technology as inherently dangerous. But really, it's worse than that. It breaks the premise of the web. The use of the web is not supposed to be limited to a certain hardware specification under a certain software configuration... this is irrelevant, of course, to the dangers pushed upon the users who are often required to use it.

  9. Re:Donate how much to Wine? by Carnildo · · Score: 4, Insightful

    > For the price of donating enough money Wine to pay a programmer to implement complete support for the application, one could buy several copies of genuine Windows Vista Ultimate.


    For the cost of a thousand copies of Vista Business, you could pay Wine programmers to support every app your company uses.
    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  10. Agree with both points. by argent · · Score: 4, Interesting

    1) Bricked is the wrong word.

    2) This highlights the dangers of any holes in a sandbox. The only secure way to design a sandbox is for there to be no mechanism from inside the sandbox to request access outside it... whether by installing a plugin, executing an external application, or otherwise elevating privileges. Even if the request is normally denied, the existence of that mechanism itself creates a new class of attacks.

    The corollary to point two is that ActiveX is not just a security hole, it's a different *kind* of security hole.

    On the other hand, all three of the most common browsers have a mechanism to request access outside the sandbox. None of them are as bad as ActiveX, but they're all unnecessary.

    * Any browser on Windows is subject to URI quoting attacks on helper applications, due to the lack of a guaranteed quote-safe command line and the use of a single set of helper bindings for trusted and untrusted sources.

    * LaunchServices on OS X duplicates the second problem as well.

    * Firefox and Safari both allow web pages to request plugins be installed: XPI in Firefox and Dashboard plugins in Safari on OSX. They both wrap these interfaces in multiple levels of "approval dialogs", but my experience is that there are too many people who can be relied upon to eventually hit "go ahead and infect me" by reflex.

    * Safari and Internet Explorer can both be made to, with various amounts of approval dialogs, open downloaded documents automatically. Safari used to do this by default but thankfully it's now an option... but really that capability should not be there at all.

    None of these holes in the sandbox actually make things more convenient for users. They look like they might, but it's actually easier to download a document or a plugin and then (as a separate step) request that it be opened or installed from a file browser or from a download manager, because making the operation asynchronous and deliberate like that means you don't have to go crazy with approval dialogs, because you're not running the risk of an unexpected dialog coming up for a user with an itchy mouse button...

  11. Re:Donate how much to Wine? by Jeremiah Cornelius · · Score: 5, Insightful

    For a fraction of the investment, support the development of POSIX portable apps, and dump the platforms which don't have POSIX calls and portable libraries.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  12. A theory... by jbwolfe · · Score: 5, Interesting

    ...I must propose that Slashdot editors are involved in a conspiracy. To wit: In the past few months or so, we have had at least three submissions that have incorrectly used the term "brick" to describe a problem with typically simple solutions- distinctly not problems without solution. Anyone interested enough to submit an article to Slashdot would know the meaning of the term. Therefore, the only explanation is that the editors are cultivating the submissions in a way calculated to stimulate numerous off topic posts highlighting the improper use of the term, in turn increasing the traffic in order to generate ad revenue. What's the definition of troll?

    --
    Have you ever noticed that anybody driving slower than you is an idiot, and anyone going faster than you is a maniac?
  13. Waitaminute... by cliffiecee · · Score: 4, Funny

    Why...

    YES, it is 'bricked.' Totally and utterly useless, yes. You'll need to buy a brand new one. Seeing as I'm a nice guy, I'll buy this completely bricked, utterly useless laptop from you. Just for the case and spare parts, you see. Does $100 sound reasonable for a bricked, totally useless laptop that you can never use again? Hmmm?