Slashdot Mirror
New 'Phlashing' Attack Sabotages Hardware
yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."
Seriously, I work to update the equipment at work, but at home, I just really don't care a whole lot about a $30 router.
I can't tell you the last time upgraded the bios on a motherboard. I think it was an older P3 Dell PowerEdge because I was installing Linux on it.
Crap! I just kissed my karma good-bye.
...or jumper. How much more would that cost?
As a targeted attack against a commercial venture any support team worth their salt will do patching as part of routine maintenance - don't we guys'n'gals? As an attack against mom and pop PCs there are so many hardware variants that any one piece of malware will have a very limited target.
To me this looks like talking up a non existent problem - but I'm open to persuasion otherwise.
init 11 - for when you need that edge.
He used to be able to turn any working piece of kit into a piece of metal art in about 20 seconds, EVERYTHING was always a BIOS issue and he would NEVER check with anyone before replacing the BIOS.
Lets be clear about how dumb this person was, he had a BIOS that worked on his test servers and would then apply that to all the other servers INDEPENDENT OF HARDWARE OR OS. He would then start the machines (which of course wouldn't start) declare them "broken" and say the issue was with the software.
We did some low level hardware stuff in our software and it did break the boxes sometimes so it took 2 months of painful testing and debugging which found nothing, it only came about because one of the team had a heavy night and decided to "rest" in the server room and saw the moron apply the BIOS to a server that had been running and then scurry out to blame the team again.
Basic rule after then was BIOS set to read-only and locked down with a secure password, to this day my BIOS has a password thanks to the sheer physical shock of realising how dumb some people can be.
An Eye for an Eye will make the whole world blind - Gandhi
Indeed, early Commodore PETs reportedly suffered a "killer POKE" via their BASIC.
98% of America's teens drink alcohol, smoke, and have sex. Put this in your sig if you like bagels.
I seem to remember a virus back in the 486 days that would cause the hard drive to sweep back and forth between extremes and would keep sweeping until it hit some "resonant frequency" of the drive heads. At that point the heads would start oscillating on the vertical, causing it to strike the platter and physically damage the hard disc.
Anyone else remember this? I had only seen it once and have never been able to find a reference to it.
This would have been in the mid '90s. I have been wracking my brain over finding it since then.
Anyone else who has heard of this, reply and let me know.
"Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
I am not making this up: less than a week ago, I woke up thinking: what to firmware, BIOS, TPM, and IPMI have in common? They'd all be great vectors for bricking a machine.
Wasn't this already done by the CIH (later called Chernobyl) virus, circa 1998? There was even an e-mail variant of it, based on the Loveletter worm.
God, this is going back,
In the good old DOS PC days when 10Mb hard disks were 'big' and 'Stoned' was probably the only wild virus ever found on the lab machines..
There was an issue wrt Stoned I think, or some other virus of the time whose name escapes me, its final action was to zap the old MFM hard disks via some low level init call, but, this wasn't fatal as we could get the info back off them with a bit of faffing, however, the first generation of those new fangled IDE disks, the same init call permanently screwed the disks.
It killed a number of expensive large (40Mb) hard disks back then in the lab..thanks mainly to one serial offender who disabled the virus scanners on these new machines when they stopped him running infected code off floppies. (don't ask, the guy was a serious pain..)
I also remember a fun summer spent manually repositioning the heads on a bunch of MFM drives by trial and error which had 'gone faulty' after virus infestation, turned out there was a small grub screw which worked loose on an optical interrupter on the head positioning motor shaft if the drive was particularly hammered (lots of seeks over a short period of time etc). There was an opening of the case and a lot of twiddling and adjusting whilst watching the position of the heads over the platters (not carried out in a clean, dust free environment I hasten to add). As that was one brand of HD, I doubt it was a targeted effect of a virus though, just bad design.
My memory is vague on this, as I was more hardware design and Sun support..
- wait for a key press
- for decreasing n
- turn on the tape cassete relay
- wait n cycles
- turn off the tape cassete relay
this would cause an increasing pitch whine, followed by a little whiff of smoke from the cassette relay.Something about the people there always saying "there's nothing you can type on the computer that will hurt it..."
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'