New 'Phlashing' Attack Sabotages Hardware
yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."
I'm sick of this naming phad.
interesting research, but we should browbeat the research for calling it phlashing
Well, you probably wouldn't value a $30 router unless you were using it at the time.
I can easily see this being an issue if, perhaps, someone attacked your router and destroyed it in the middle of a Counter-Strike match or a WoW arena matchup, for example.
If you can read this, I forgot to post anonymously.
Is it possible to exploit firmware from the outside, unless the person has enabled remote management and is using the default password?
Those two rarely go hand in hand.
However, I think we'll see a lot of trojans with firmware payloads. How many people use the WRT54G? And how many access points are unsecured with the name "linksys"? Those people probably didn't change their admin password.
Simple solution: Hardware button. You have to press it to flash the router, and you have a minute after you press it to upload the firmware. Should be an easy thing to do and provide a great amount of protection.
I'm pretty sure I remember stories about viruses that could destroy hardware, by doing things like making the drives seek in "funny" ways (past the edge of the disc or something?) or driving wired-together pins to opposite voltages. Those sound *really* permanent, where a bad flash can be fixed by anyone with the proper equipment (JTAG programmer) unless it does that same sort of thing.
Not a very difficult fix for any tech-savvy person with surface mount device reworking equipment - or a soldering iron, a steady hand and a great deal of faith in their ability (or practical experience) to rework SMDs with the wrong kit.
FTFY
AT&ROFLMAO
I'm sorry, but every device out there should have two factory reset switches:
1 to reset user data, akin to a standard BIOS "reset to factory settings"
1 to re-flash the BIOS to the factory-installed version of the BIOS, to de-brick devices.
Furthermore, if there is anything a user can do that is designed to update the machine in a way that's irreversible without a password setting a BIOS or boot password, a hardware switch should be pressed as the information is saved. While this won't prevent social engineering, it will prevent pure software exploits from making the hardware unusable.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
> "Unfortunately, there isn't a magic bullet..."
Yes there is. It's called a write-disable switch.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I heard of viruses like those back in that time frame, too. Though when I heard of them, they were reported as spinning the hard drive heads so fast that they overheated and warped.
:-)
:-)
But in the end, I think those were all just email hoaxes. Ah, those were the good ol' days, when hoax emails were pranks like those and not phishing scams. Now I'm all nostalgic.
All things considered, though, I don't believe the head would ever be able to do what you're suggesting due to the head never actually touching the platters and there not being enough power in the head's servo motor to cause enough destabilization to the mechanics. Similarly, the overheat story wouldn't be possible, either, unless it was an exceptionally poorly-made drive which suffered overheat problems anyway.
Still, THAT would be an effective DoS tool.
Demanding constant attention will only lead to attention.
Not very difficult *if* you have the replacement part, with a good BIOS on it. Which is probably only available bundled on another motherboard of exactly the same model and revision...
Cut that out, or I will ship you to Norilsk in a box.
The really clueless are often too afraid to break it to do anything dangerous. It's the semi-skilled people that are really dangerous, just enough to know such things as to flash a BIOS yet completely oblivious to any problems that might cause. They're the kind that'll disable the anti-virus and firewall if you let them, because it blocks whatever important thing they're doing. If anyone ever feels the need to utter "Trust me, I know what I'm doing" it's time to duck and take cover.
Live today, because you never know what tomorrow brings
About two cents in quantity, plus a penny to drill the hole and stuff the part. Plus six or seven cents for the AND gate on the write line. Times several million.
/. -- the Free Republic of technology.