PDoS attack could impair flash firmware updates

Share this article:
A Hewlett-Packard researcher is scheduled to demonstrate how network-enabled systems firmware is susceptible to a so-called permanent denial-of-service (PDoS) at the EUSecWest security conference in London this week.

The researcher, Rich Smith, head of research for offensive technologies and threats at HP Systems Security Lab, will also a show off a "fuzzing" tool he developed that can be used to initiate a PDoS attack and detect PDoS vulnerabilities in firmware systems.

Unlike the more widely known distributed denial-of-service (DDoS) attack, which disrupts service to a website or is used to deliver malware, PDoS sabotages hardware. The damage it inflicts on a system often requires replacing or reinstalling of the hardware.

Because of the hardware damage it can cause, a PDoS attack could be costly for the victim. Moreover, a PDoS attack costs considerably less to inflict than a DDoS attack, which requires an attacker to either invest in developing a botnet or renting an existing one from a third party.

With his PhlashDance fuzzing tool, Smith can inspect binaries in firmware and the firmware's “update application” protocol, and then cause a PDoS. The tool also uncovers PDoS vulnerabilities in multiple embedded systems.

One of the inherent problems with embedded devices is their hidden nature; although they're seldom patched or audited, they can contain application-level vulnerabilities that open back doors to attackers. Another issue is that remote firmware updates aren't usually secured, instead taking place by default.

Misusing firmware update schemes with what Smith calls a "phlashing attack" -- Smith's term for a remote PDoS attack on firmware -- is a one-time thing. But once the firmware is damaged, the attacker doesn't have to commit additional resources against the embedded device for the PDoS to continue.

There's no indication that anyone has actually launched a real-world phlashing PDOS attack. Enterprises can take steps to protect themselves, however.

One is to ensure that flash update schemes require an authentication, so only permitted personnel can perform a flash upgrade to an embedded system's firmware. And developers of flash update procedures should be aware of these types of malicious attacks that can damage their systems when they design their products.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.