Friday, October 14, 2011

Phlashing -- A threat to Hardware.

Phlashing is a permanent denial-of-service (PDoS) attack. A PDoS attack damages a system so badly that it requires replacement or reinstallation of hardware. Unlike the infamous distributed denial-of-service (DDoS) attack, which is used to sabotage a service or website or as a cover for malware delivery, PDoS is pure hardware sabotage.

Instead of taking control of an embedded system, the attacker turns it into a nonfunctioning brick by flashing it with broken firmware. Anyone who has flashed a device knows the danger of interrupting the procedure.

In this type of attack, the hacker uploads, or "flashes," non-authentic firmware to the device under the guise of a legitimate firmware update. However, the hacker's firmware contains malicious code that provides a back door into a network or permanently disables, or "bricks," the device. This use of phlashing has earned the technique the alternative moniker of permanent denial-of-service (PDoS) attack.
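The defensive counterpart to the attack described above is an update handler that authenticates an image before anything becomes bootable. The sketch below is an added example, not code from the original post or from any vendor: the image layout, the `Device` class and the key are constructed, and HMAC-SHA256 with a shared key stands in for the asymmetric vendor signature a real device would verify.

```python
import hashlib
import hmac
import struct

# Constructed image layout (assumed for this example, not a vendor format):
#   magic "FWUP" | version u32 | payload length u32 | payload | 32-byte tag
MAGIC = b"FWUP"
HEADER = struct.Struct(">4sII")
TAG_LEN = 32

def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: package a payload and append the authentication tag."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Device:
    """Two-slot device: updates are staged in the inactive slot."""

    def __init__(self, key: bytes, version: int, firmware: bytes):
        self.key = key
        self.slots = [firmware, b""]
        self.active, self.version = 0, version

    def apply_update(self, image: bytes) -> str:
        if len(image) < HEADER.size + TAG_LEN:
            return "rejected: truncated image"
        body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "rejected: authentication failed"
        magic, version, length = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if magic != MAGIC or length != len(payload):
            return "rejected: malformed header"
        if version <= self.version:
            return "rejected: rollback"
        staging = 1 - self.active
        self.slots[staging] = payload  # the running slot is never overwritten
        self.active, self.version = staging, version  # commit is the last step
        return "installed"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    dev = Device(key, 1, b"good-v1")
    forged = build_image(b"attacker-key", 9, b"\x00" * 16)  # not vendor-signed
    print(dev.apply_update(forged), dev.slots[dev.active])
    print(dev.apply_update(build_image(key, 2, b"good-v2")), dev.slots[dev.active])
```

Because the payload is written only to the inactive slot and the slot switch is the final step, a rejected or interrupted update leaves the known-good firmware running.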

To demonstrate this attack you would need PhlashDance, a tool that fuzzes binaries in firmware and the firmware's update application protocol to cause a PDoS, and that detects PDoS weaknesses across multiple embedded systems.

But you can't get this tool, because it is privately owned by the researcher who found this PDoS attack, Mr. Rich Smith, head of research for offensive technologies & threats at HP Systems Security Lab.

Smith says remotely abusing firmware update mechanisms with a phlashing attack, for instance, is basically a one-shot attack. “Phlashing attacks can achieve the goal of disrupting service without ongoing expense to the attacker; once the firmware has been corrupted, no further action is required for the DOS condition to continue,” he says.

Smith has no plans yet for releasing his PhlashDance tool.
And if somebody got this tool, please talk to me... :P
 

The Hacker News