Slashdot Mirror


New 'Phlashing' Attack Sabotages Hardware

yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."

17 of 242 comments

  1. Re:I had no clue people still upgraded firmwares. by ratbag · · Score: 2, Informative

    I updated the firmware on my Vigor 2600 router a couple of weeks back in order to enable WDS. Also seems to have improved the ADSL reliability. It was the first update I'd done to it in over a year. Also updated my BlackBerry earlier this year so that it could connect to my Mac without locking the machine up solid. So at least one person is still doing firmware upgrades...

  2. In Italy by Anonymous Coward · · Score: 2, Informative

    In Italy a big ISP gave out ADSL modems with a default password and active administrator WAN access...

  3. Nothing to see, move on folks. by 140Mandak262Jamuna · · Score: 2, Informative

    The link does not tell us how to attack and render all computers in [insert your favorite evil company here AAPL,MSFT,GOOG]. Just some research guy jawboning what could be done. So technically there is nothing worthwhile for the Slashdot crowd.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  4. Re:I had no clue people still upgraded firmwares. by Coopjust · · Score: 2, Informative

    If you have a $30 router and a minor issue with it, the 2 minutes it takes to apply new firmware isn't a terrible inconvenience.

    And, thanks to new exploits like this, firmware upgrades may be necessary to block exploits from sabotaging your network equipment, simply maliciously (bricking) or for profit (undetectable redirects to phishing sites, attaching your affiliate ID to all ads, catching any SSN/Credit Card Number/Login going through even if it is not a phishing site).

  5. Re:I used to work with a Sys Admin like that by kalirion · · Score: 3, Informative

    That sounds like a good submission to The Daily WTF.

  6. Re:Read-only switch by Anonymous Coward · · Score: 4, Informative

    more than nothing

  7. Hardly a new phenomenon by g051051 · · Score: 5, Informative

    This isn't exactly a new problem...in the early days, you could fry a monitor by setting the video card to absurd refresh rates, and you could destroy hard disks by issuing bogus stepping commands to the heads and slamming them into the stops.

  8. Re:Pharphetched naming by Curien · · Score: 4, Informative
    --
    It's always a long day... 86400 doesn't fit into a short.
  9. Re:Pharphetched naming by flosofl · · Score: 4, Informative

    Dude, at least acknowledge the original you borrowed this from (maybe Mark Twain, most likely M.J. Yilz). http://grammar.ccc.commnet.edu/grammar/twain.htm

    --
    "This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
  10. Re:Sometimes I wonder... by trongey · · Score: 4, Informative

    Sometimes I wonder the mindset that even goes into creating something like this. ... I can understand if mobster types are trying to do a virtual bank robbery,...


    Close. It's called extortion. You do this to one of a site's machines. Then you send the demand for payment with a threat to do it to the rest of their machines. It's been happening to gambling and porn sites for years since law enforcement agencies don't usually get in a hurry to apprehend people who attack those sites. They have been using DDoS, so this would just be a bigger hammer.
    --
    You never really know how close to the edge you can go until you fall off.
  11. Re:I had no clue people still upgraded firmwares. by sqlrob · · Score: 2, Informative

    It's not just network hardware or computers.

    iPhone
    PS3
    360
    Wii
    PSP

  12. Re:I used to work with a Sys Admin like that by MosesJones · · Score: 2, Informative

    The production kit did when it was shipped, but not the stuff that was in our test environment (different from the Sys Admin test environment); we just hadn't realised that our fellow employees were more stupid than any of our clients could ever hope to be.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  13. Re:Bricking by Intron · · Score: 2, Informative

    I'm a hardware guy and I haven't attempted to solder a SMD by hand in the last 10 years. Typical flash memory pin spacing is 0.5mm. I drink way too much coffee for that.

    --
    Intron: the portion of DNA which expresses nothing useful.
  14. Re:Surely this isn't that much of a problem by Missing_dc · · Score: 2, Informative

    As a targeted attack against a commercial venture any support team worth their salt will do patching as part of routine maintenance - don't we guys'n'gals? As an attack against mom and pop PCs there are so many hardware variants that any one piece of malware will have a very limited target.

    To me this looks like talking up a non existent problem - but I'm open to persuasion otherwise.


    If the trojan carried the payload onboard, sure, the target audience would be small. However, if the trojan read the PC info, and then downloaded bad firmwares from an external site or database of them, and then bricked your broadband device, your router, your dvd drives, your soundcard, your video card, your raid array, then your MB, we could say you got phukked.

    --
    How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
  15. Re:Hardware Virus by VeNoM0619 · · Score: 2, Informative

    There's a couple I remember, the biggest one, similar to yours:

    Hard drives have a "rest" mode for when shutting down (as to not cause damage when shipping/etc.) if it was not powered on or in use, which caused the read/write drive heads to be placed down on the drive platters when it stopped spinning. There was a virus that would speed up the disk, then throw it into rest mode immediately, and you guessed it, tear right into the hard disk with a loud noise and literally bricking that hard drive.

    Then there was another good one that I heard that involved the monitor blowing up. Although this supposedly happened on the very old computer monitors (so it's fixed on today's monitors) and it involved changing frequencies, if I recall correctly (I believe from like 60hz to 75hz), but don't directly quote me on that.

    For some reason, I feel these types of stories are the most interesting and can teach you a good deal about hardware. So as a request, anyone with these stories please post them here :)

    --
    Disclaimer: I am not god.
    We may not be created equal
    But we can be treated equal.
  16. Re:Everything should have a factory reset switch by EXrider · · Score: 2, Informative

    Gigabyte has had this feature for a while on their boards

    --
    grep -iw skynet /etc/services
  17. Re:Bricking & replacement parts by Technician · · Score: 3, Informative

    Not a very difficult fix for any tech savvy person with surface mount device reworking equipment - or a soldering iron, a steady hand and a great deal of faith in their ability (or practical experience) to rework SMDs with the wrong kit.


    Truly spoken by someone who hasn't tried to buy a programmed flash part for a made in China board. Hint, the replacement board can be purchased but the replacement chip containing IP firmware is a little harder to obtain. Custom parts on the board (flash memory) are not imported in a programmed state. If you can extract the image from the executable without the aid of the boot loader, many of these blank chips and flash upgrades don't come with any way to install the initial code to load the initial firmware.

    A new blank BIOS chip doesn't contain enough firmware to boot a floppy, USB memory stick, or CD ROM to flash the BIOS. You need a BIOS image and device programmer. Since neither is supplied and both are needed, your chances of obtaining a BIOS image and installing the firmware are slim to none.

    A blank clock flash memory chip from Mouser does not make a bricked board bootable enough to flash the new BIOS firmware.

    If you want to try it, pick up a blank unit here. Good luck.
    http://www.epn-online.com/page/new56862/mouser-stocks-silicon-laboratories-c8051f9xx-line-of-mcus.html

    --
    The truth shall set you free!