Slashdot Mirror

← Back to Stories (view on slashdot.org)

New 'Phlashing' Attack Sabotages Hardware

Posted by timothy on from the not-so-nice dept.

yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."

7 of 242 comments (clear)

  1. Re:I used to work with a Sys Admin like that by kalirion · · Score: 3, Informative

    That's sounds like a good submission to The Daily WTF.

  2. Re:Read-only switch by Anonymous Coward · · Score: 4, Informative

    more than nothing

  3. Hardly a new phenomenon by g051051 · · Score: 5, Informative

    This isn't exactly a new problem...in the early days, you could fry a monitor by setting the video card to absurd refresh rates, and you could destroy hard disks by issuing bogus stepping commands to the heads and slamming them into the stops.

  4. Re:Pharphetched naming by Curien · · Score: 4, Informative

    Credit where credit's due:
    http://www.physics.uwo.ca/~harwood/humor13.txt

    --
    It's always a long day... 86400 doesn't fit into a short.
  5. Re:Pharphetched naming by flosofl · · Score: 4, Informative

    Dude, at least acknowledge the original you borrowed this from (maybe Mark Twain, most likely M.J. Yilz). http://grammar.ccc.commnet.edu/grammar/twain.htm

    --
    "This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
  6. Re:Sometimes I wonder... by trongey · · Score: 4, Informative

    Sometimes I wonder the mindset that even goes into creating something like this. ... I can understand if mobster types are trying to do a virtual bank robbery,... Close. It's called extortion. You do this to one of a site's machines. Then you send the demand for payment with a threat to do it to the rest of their machines. It's been happening to gambling and porn sites for years since law enforcement agencies don't usually get in a hurry to apprehend people who attack those sites. They have been using DDoS, so this would just be a bigger hammer.
    --
    You never really know how close to the edge you can go until you fall off.
  7. Re:Bricking & replacement parts by Technician · · Score: 3, Informative

    Not a very difficult fix for any tech savvy person with surface mount device reworking equipment - or a soldering iron, a steady hand and a great deal of faith in their ability (or practical experience) to rework SMDs with the wrong kit.


    Truly spoken by someone who hasn't tried to buy a programmed flash part for a made in China board. Hint, the replacement board can be purchased but the replacement chip containing IP firmware is a little harder to obtain. Custom parts on the board (flash memory) are not imported in a programmed state. If you can extract the image from the executable without the aid of the boot loader, many of these blank chips and flash upgrade don't come with any way to install the initial code to load the initial firmware.

    A new blank BIOS chip doesn't contain enough firmware to boot a floppy, USB memory stick, or CD ROM to flash the BIOS. You need a BIOS image and device programmer. Since neither is supplied and both are needed, your chances of obtaining a BIOS image and installing the firmware are slim to none.

    A Blank clock flash memory chip from Mouser does not make a bricked board bootable enough to flash the new BIOS firmware.

    If you want to try it, Pick up a blank unit here; Good luck
    http://www.epn-online.com/page/new56862/mouser-stocks-silicon-laboratories-c8051f9xx-line-of-mcus.html

    --
    The truth shall set you free!