PDoS attack could impair flash firmware updates
A Hewlett-Packard researcher is scheduled to demonstrate how network-enabled systems firmware is susceptible to a so-called permanent denial-of-service (PDoS) at the EUSecWest security conference in London this week.The researcher, Rich Smith, head of research for offensive technologies and threats at HP Systems Security Lab, will also a show off a "fuzzing" tool he developed that can be used to initiate a PDoS attack and detect PDoS vulnerabilities in firmware systems.
Unlike the more widely known distributed denial-of-service (DDoS) attack, which disrupts service to a website or is used to deliver malware, PDoS sabotages hardware. The damage it inflicts on a system often requires replacing or reinstalling of the hardware.
Because of the hardware damage it can cause, a PDoS attack could be costly for the victim. Moreover, a PDoS attack costs considerably less to inflict than a DDoS attack, which requires an attacker to either invest in developing a botnet or renting an existing one from a third party.
With his PhlashDance fuzzing tool, Smith can inspect binaries in firmware and the firmware's “update application” protocol, and then cause a PDoS. The tool also uncovers PDoS vulnerabilities in multiple embedded systems.
One of the inherent problems with embedded devices is their hidden nature; although they're seldom patched or audited, they can contain application-level vulnerabilities that open back doors to attackers. Another issue is that remote firmware updates aren't usually secured, instead taking place by default.
Misusing firmware update schemes with what Smith calls a "phlashing attack" -- Smith's term for a remote PDoS attack on firmware -- is a one-time thing. But once the firmware is damaged, the attacker doesn't have to commit additional resources against the embedded device for the PDoS to continue.
There's no indication that anyone has actually launched a real-world phlashing PDOS attack. Enterprises can take steps to protect themselves, however.
One is to ensure that flash update schemes require an authentication, so only permitted personnel can perform a flash upgrade to an embedded system's firmware. And developers of flash update procedures should be aware of these types of malicious attacks that can damage their systems when they design their products.
