Slashdot Mirror
New 'Phlashing' Attack Sabotages Hardware
yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."
Seriously, I work to update the equipment at work, but at home, I just really don't care a whole lot about a $30 router.
I can't tell you the last time upgraded the bios on a motherboard. I think it was an older P3 Dell PowerEdge because I was installing Linux on it.
Crap! I just kissed my karma good-bye.
...or jumper. How much more would that cost?
As a targeted attack against a commercial venture any support team worth their salt will do patching as part of routine maintenance - don't we guys'n'gals? As an attack against mom and pop PCs there are so many hardware variants that any one piece of malware will have a very limited target.
To me this looks like talking up a non existent problem - but I'm open to persuasion otherwise.
init 11 - for when you need that edge.
He used to be able to turn any working piece of kit into a piece of metal art in about 20 seconds, EVERYTHING was always a BIOS issue and he would NEVER check with anyone before replacing the BIOS.
Lets be clear about how dumb this person was, he had a BIOS that worked on his test servers and would then apply that to all the other servers INDEPENDENT OF HARDWARE OR OS. He would then start the machines (which of course wouldn't start) declare them "broken" and say the issue was with the software.
We did some low level hardware stuff in our software and it did break the boxes sometimes so it took 2 months of painful testing and debugging which found nothing, it only came about because one of the team had a heavy night and decided to "rest" in the server room and saw the moron apply the BIOS to a server that had been running and then scurry out to blame the team again.
Basic rule after then was BIOS set to read-only and locked down with a secure password, to this day my BIOS has a password thanks to the sheer physical shock of realising how dumb some people can be.
An Eye for an Eye will make the whole world blind - Gandhi
Indeed, early Commodore PETs reportedly suffered a "killer POKE" via their BASIC.
98% of America's teens drink alcohol, smoke, and have sex. Put this in your sig if you like bagels.
Hell, my ISP does the same thing now. The phone support tech freaked out when I told them I was in the modem's management console. Apparently, you're not supposed to upgrade the firmware on your own.
:D
And no, I'm not going to tell you who my ISP is.
There is a war going on for your mind.
I seem to remember a virus back in the 486 days that would cause the hard drive to sweep back and forth between extremes and would keep sweeping until it hit some "resonant frequency" of the drive heads. At that point the heads would start oscillating on the vertical, causing it to strike the platter and physically damage the hard disc.
Anyone else remember this? I had only seen it once and have never been able to find a reference to it.
This would have been in the mid '90s. I have been wracking my brain over finding it since then.
Anyone else who has heard of this, reply and let me know.
"Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
Yes it is, in a sense, but at least in the case of a PC all one would need do is replace the BIOS physically. Not a very difficult fix for any tech savvy person.
I am not making this up: less than a week ago, I woke up thinking: what to firmware, BIOS, TPM, and IPMI have in common? They'd all be great vectors for bricking a machine.
If it finally costs people when their boxes get hacked, maybe they will care enough not to let their machines get hacked.
If one botnet got taken over and the disks on that botnet's host got passwords set on them and the resulting mess got good press, the spamming industry might actually take a big hit.
Survey said! bzzzzzz wrong.
.xls file on the hard drive. Repeat that once every rand(x) number of days. lather, rinse, repeat.
It is of interest. Think about it. If you wanted to do damage to company xyz, you social engineer the information for what PCs they are using, the CD hardware etc., routers, blah blah blah... then silently release a worm or virus that redirects them to your special webpage. brick brick brick brick until their productivity grinds to a halt.... if some get bricked for the CD, others for the motherboard, others because of routers... it matters not. What is being shown is that it is POSSIBLE to do this.
In this day and age, shame on your for dismissing it as not possible. May your body rot next to that of the designer of the Titanic. If it can happen, it will, and probably already is. I could write a virus that is undetected, and does nothing but look for people who have a bill.gates in their address book, and upon finding one, sit patiently, wait till idle time, then delete the oldest
Perhaps your virus waits till it sees acks from 40 other machines on the same LAN segment, then they all start bricking things?
This *IS* of interest. Welcome to Tuesday.
Support NYCountryLawyer RIAA vs People
Wasn't this already done by the CIH (later called Chernobyl) virus, circa 1998? There was even an e-mail variant of it, based on the Loveletter worm.
God, this is going back,
In the good old DOS PC days when 10Mb hard disks were 'big' and 'Stoned' was probably the only wild virus ever found on the lab machines..
There was an issue wrt Stoned I think, or some other virus of the time whose name escapes me, its final action was to zap the old MFM hard disks via some low level init call, but, this wasn't fatal as we could get the info back off them with a bit of faffing, however, the first generation of those new fangled IDE disks, the same init call permanently screwed the disks.
It killed a number of expensive large (40Mb) hard disks back then in the lab..thanks mainly to one serial offender who disabled the virus scanners on these new machines when they stopped him running infected code off floppies. (don't ask, the guy was a serious pain..)
I also remember a fun summer spent manually repositioning the heads on a bunch of MFM drives by trial and error which had 'gone faulty' after virus infestation, turned out there was a small grub screw which worked loose on an optical interrupter on the head positioning motor shaft if the drive was particularly hammered (lots of seeks over a short period of time etc). There was an opening of the case and a lot of twiddling and adjusting whilst watching the position of the heads over the platters (not carried out in a clean, dust free environment I hasten to add). As that was one brand of HD, I doubt it was a targeted effect of a virus though, just bad design.
My memory is vague on this, as I was more hardware design and Sun support..
Each time I read this, it gets easier to read the final paragraph. However, it still has at least two issues. The first is the overloading of the v with w which have different sounds. The second is that British English has about 11 non-dipthong vowels (which is really most of the issue with spelling), and the "new spelling system" (let's call it a Rechtschreibung) doesn't really address that. This of course, can also lead to the issues of sh and ch. Although if you left sh as the s symbol, you wouldn't be able to drop a letter from the keyboard. Furthermore, does Z replace th as in thin or th as in than? If it replaces both, there is not advantage to its replacement.
Since we are inclined to speak of a Rechtschreibung, can we address issues like it's versus its? Perhaps, we can add back some of our missing pronouns (i.e. wit to mean you, I, and maybe others versus I and others, excluding you; gé to mean plural you). Oh, the list can go on for some time, but if we propose a Rechtschreibung, we should do it right.
</pedantic>
- wait for a key press
- for decreasing n
- turn on the tape cassete relay
- wait n cycles
- turn off the tape cassete relay
this would cause an increasing pitch whine, followed by a little whiff of smoke from the cassette relay.Something about the people there always saying "there's nothing you can type on the computer that will hurt it..."
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
When I was at the U of Wisconsin back in the 1970s, the central campus Computer Center had a Univac system. An EE prof (or his students ;-) got circuit diagrams and did some analysis. He announced that there was a bug: If a particular (unlikely) sequence of instructions was executed, they would fry a transistor in the CPU. Rather than thanks, he got ridiculed and insulted by the Univac CS people (and a lot of people on campus). So he announced that he'd run a test. He submitted a job that included a chunk of assembly language with the sequence. The machine promptly halted and couldn't be rebooted. The CS engineers looked into it, and found that a transistor had been fried.
...
These days, though, I suppose that he'd probably be charged with something. The smart thing to do if you learn of such bugs is probably to not notify anyone, especially not the vendor or your employer. Instead, you quietly offer the information (for a price of course) to various "interested parties" for whatever use they'd like to make of it.
Another time, some students figured out a bug in Univac's tape drives. They found code that sent commands to spool forward and rewind with timing such that the drive did both - which snapped the tape. They were also not believed, so they demoed it. They submitted a job that asked for a scratch tape, wrote a few KB of data, and snapped the tape. Then it asked for another scratch tape. It didn't take too many tapes before the operators figured out that they should call in the CS people.
I'll bet that others here have a bunch of similar stories. And nonetheless, a future story will be the patenting of using such bugs for "PDOS" attacks. Probably by our favorite whipping boy, Microsoft, who will patent such attacks as a way of enforcing licensing restrictions or DRM.
Maybe the fellow the story is about can get the patent first
Those who do study history are doomed to stand helplessly by while everyone else repeats it.