PDoS attack could impair flash firmware updates

Share this article:
A Hewlett-Packard researcher is scheduled to demonstrate how network-enabled systems firmware is susceptible to a so-called permanent denial-of-service (PDoS) at the EUSecWest security conference in London this week.

The researcher, Rich Smith, head of research for offensive technologies and threats at HP Systems Security Lab, will also a show off a "fuzzing" tool he developed that can be used to initiate a PDoS attack and detect PDoS vulnerabilities in firmware systems.

Unlike the more widely known distributed denial-of-service (DDoS) attack, which disrupts service to a website or is used to deliver malware, PDoS sabotages hardware. The damage it inflicts on a system often requires replacing or reinstalling of the hardware.

Because of the hardware damage it can cause, a PDoS attack could be costly for the victim. Moreover, a PDoS attack costs considerably less to inflict than a DDoS attack, which requires an attacker to either invest in developing a botnet or renting an existing one from a third party.

With his PhlashDance fuzzing tool, Smith can inspect binaries in firmware and the firmware's “update application” protocol, and then cause a PDoS. The tool also uncovers PDoS vulnerabilities in multiple embedded systems.

One of the inherent problems with embedded devices is their hidden nature; although they're seldom patched or audited, they can contain application-level vulnerabilities that open back doors to attackers. Another issue is that remote firmware updates aren't usually secured, instead taking place by default.

Misusing firmware update schemes with what Smith calls a "phlashing attack" -- Smith's term for a remote PDoS attack on firmware -- is a one-time thing. But once the firmware is damaged, the attacker doesn't have to commit additional resources against the embedded device for the PDoS to continue.

There's no indication that anyone has actually launched a real-world phlashing PDOS attack. Enterprises can take steps to protect themselves, however.

One is to ensure that flash update schemes require an authentication, so only permitted personnel can perform a flash upgrade to an embedded system's firmware. And developers of flash update procedures should be aware of these types of malicious attacks that can damage their systems when they design their products.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.