PDoS attack could impair flash firmware updates

Share this article:
A Hewlett-Packard researcher is scheduled to demonstrate how network-enabled systems firmware is susceptible to a so-called permanent denial-of-service (PDoS) at the EUSecWest security conference in London this week.

The researcher, Rich Smith, head of research for offensive technologies and threats at HP Systems Security Lab, will also a show off a "fuzzing" tool he developed that can be used to initiate a PDoS attack and detect PDoS vulnerabilities in firmware systems.

Unlike the more widely known distributed denial-of-service (DDoS) attack, which disrupts service to a website or is used to deliver malware, PDoS sabotages hardware. The damage it inflicts on a system often requires replacing or reinstalling of the hardware.

Because of the hardware damage it can cause, a PDoS attack could be costly for the victim. Moreover, a PDoS attack costs considerably less to inflict than a DDoS attack, which requires an attacker to either invest in developing a botnet or renting an existing one from a third party.

With his PhlashDance fuzzing tool, Smith can inspect binaries in firmware and the firmware's “update application” protocol, and then cause a PDoS. The tool also uncovers PDoS vulnerabilities in multiple embedded systems.

One of the inherent problems with embedded devices is their hidden nature; although they're seldom patched or audited, they can contain application-level vulnerabilities that open back doors to attackers. Another issue is that remote firmware updates aren't usually secured, instead taking place by default.

Misusing firmware update schemes with what Smith calls a "phlashing attack" -- Smith's term for a remote PDoS attack on firmware -- is a one-time thing. But once the firmware is damaged, the attacker doesn't have to commit additional resources against the embedded device for the PDoS to continue.

There's no indication that anyone has actually launched a real-world phlashing PDOS attack. Enterprises can take steps to protect themselves, however.

One is to ensure that flash update schemes require an authentication, so only permitted personnel can perform a flash upgrade to an embedded system's firmware. And developers of flash update procedures should be aware of these types of malicious attacks that can damage their systems when they design their products.
Share this article:

Sign up to our newsletters

More in News

Latest Citadel trick allows RDP access after malware's removal

Latest Citadel trick allows RDP access after malware's ...

Trusteer, an IBM company, said the new Citadel configuration was detected this month.

Cryptoblocker variant emerges, encryption differs from CryptoLocker

Trend Micro has detected a variant of CryptoLocker in the wild that relies on the advanced encryption standard.

Jimmy John's sandwich chain investigating possible breach

Some financial institutions have indicated that credit cards recently used at Jimmy John's locations have been used to make fraudulent purchases.