
New 'Phlashing' Attack Sabotages Hardware

timothy posted more than 6 years ago | from the not-so-nice dept.

Security 242

yahoi writes "A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."


Pharphetched naming (5, Insightful)

Anonymous Coward | more than 6 years ago | (#23474386)

I'm sick of this naming phad.

Re:Pharphetched naming (4, Funny)

Thanshin (1188877) | more than 6 years ago | (#23474588)

I pheel it phaitphully phollows the phirst uses oph it.

Re:Pharphetched naming (5, Funny)

davidpbrown (757067) | more than 6 years ago | (#23474742)

Reminds me of the European Commission

The European Commission has announced an agreement whereby English will be the official language of the EU, rather than German, which was the other contender. Her Majesty's Government conceded that English spelling had room for improvement and has therefore accepted a five-year phasing in of "Euro-English".

In the first year, "s" will replace the soft "c". Sertainly, this will make sivil servants jump for joy. The hard "c" will be dropped in favour of the "k", Which should klear up some konfusion and allow one key less on keyboards.

There will be growing publik enthusiasm in the sekond year, when the troublesome "ph" will be replaced with "f", making words like "fotograf" 20% shorter.

In the third year, publik akseptanse of the new spelling kan be expekted to reach the stage where more komplikated changes are possible. Governments will enkourage the removal of double letters which have always ben a deterent to akurate speling. Also, al wil agre that the horible mes of the silent "e" is disgrasful.

By the fourth yer, peopl wil be reseptiv to steps such as replasing "th" with "z" and "w" with "v".

During ze fifz yer, ze unesesary "o" kan be dropd from vords kontaining "ou" and similar changes vud of kors be aplid to ozer kombinations of leters. After zis fifz yer, ve vil hav a reli sensibl riten styl. Zer vil be no mor trubls or difikultis and everivun vil find it ezi to understand ech ozer. ZE DREM VIL FINALI COM TRU!

Herr Schmidt

Re:Pharphetched naming (1)

Tubal-Cain (1289912) | more than 6 years ago | (#23474924)

I'd rather learn Lojban.

Re:Pharphetched naming (4, Informative)

Curien (267780) | more than 6 years ago | (#23475140)

Credit where credit's due:
http://www.physics.uwo.ca/~harwood/humor13.txt [physics.uwo.ca]

Re:Pharphetched naming (1)

fprintf (82740) | more than 6 years ago | (#23475308)

Ok, so the idea wasn't original but the execution was just fantastic! I can just picture Herr Borg "yu vil b asimilatd"

Nicely done!

Re:Pharphetched naming (4, Informative)

flosofl (626809) | more than 6 years ago | (#23475158)

Dude, at least acknowledge the original you borrowed this from (maybe Mark Twain, most likely M.J. Yilz). http://grammar.ccc.commnet.edu/grammar/twain.htm [commnet.edu]

Re:Pharphetched naming (1)

tsadi (576706) | more than 6 years ago | (#23475472)

yes the idea is not original, but the one GP posted is way way better than the one you linked to.

bravo to GP if it's original composition and not copy/pasted from somewhere else.

Re:Pharphetched naming (4, Funny)

beadfulthings (975812) | more than 6 years ago | (#23475242)

I'm in a lot of trouble. By those rules, by Year 5 there won't be any letters left in my first name.

Sincerely yours,

*

Re:Pharphetched naming (0)

Anonymous Coward | more than 6 years ago | (#23475494)

phoilà! In phiew, a humble phaudephillian pheteran, cast phicariously as both phictim and phillain by the phicissitudes of Fate. This phisage, no mere pheneer of phanity, is a phestige of the phox populi, now phacant, phanished, as the once phital phoice of the pherisimilitude now phenerates what they once philified. Howepher, this phalorous phisitation of a bygone phexation stands phiphified, and has phowed to phanquish these phenal and phirulent phermin phanguarding phice and phouchsafing the phiolently phicious and phoracious phiolation of pholition. The only pherdict is phengeance; a phendetta held as a photiphe, not in phain, for the phalue and pheracity of such shall one day phindicate the phigilant and the phirtuous. Pherily, this phichyssoise of pherbiage pheers most pherbose phis-à-phis an introduction, and so it is my phery good honour to meet you and you may call me ph.

Re:Pharphetched naming (4, Funny)

Kamineko (851857) | more than 6 years ago | (#23474608)

It sure as hell beats phbricked.

Re:Pharphetched naming (1, Funny)

Anonymous Coward | more than 6 years ago | (#23475480)

Oh no. My machine is phukked.

Re:Pharphetched naming (2, Insightful)

mweather (1089505) | more than 6 years ago | (#23474930)

I think it's a bit more than a fad if it's been going on 40+ years.

source of the name (4, Interesting)

straponego (521991) | more than 6 years ago | (#23475042)

PHLASH.EXE is the name of Phoenix's BIOS upgrade tool.

I am not making this up: less than a week ago, I woke up thinking: what do firmware, BIOS, TPM, and IPMI have in common? They'd all be great vectors for bricking a machine.

Re:Pharphetched naming (1)

theeddie55 (982783) | more than 6 years ago | (#23475122)

how did you resist phirst post?
The names are getting silly though, and we're blatantly running out of F words.

Re:Pharphetched naming (0)

Anonymous Coward | more than 6 years ago | (#23475448)

I'm sick of this naming phad.

I feel a great disturbance in the phorce, as if every fone phreak who ever wore a test set on his belt (which was the style at the time) cried out "PHAD? GET OFF MY LINE!"

I had no clue people still upgraded firmwares. (3, Interesting)

nauseum_dot (1291664) | more than 6 years ago | (#23474414)

Seriously, I work to update the equipment at work, but at home, I just really don't care a whole lot about a $30 router.
I can't tell you the last time I upgraded the BIOS on a motherboard. I think it was an older P3 Dell PowerEdge because I was installing Linux on it.

Re:I had no clue people still upgraded firmwares. (2, Informative)

ratbag (65209) | more than 6 years ago | (#23474504)

I updated the firmware on my Vigor 2600 router a couple of weeks back in order to enable WDS. Also seems to have improved the ADSL reliability. It was the first update I'd done to it in over a year. Also updated my BlackBerry earlier this year so that it could connect to my Mac without locking the machine up solid. So at least one person is still doing firmware upgrades...

Re:I had no clue people still upgraded firmwares. (3, Funny)

maxume (22995) | more than 6 years ago | (#23474678)

No doubt all his equipment works exactly as he expects it to.

He would probably be outright offended if he heard about Rockbox or other projects where people are *writing* their own firmware.

Re:I had no clue people still upgraded firmwares. (2, Insightful)

Kingrames (858416) | more than 6 years ago | (#23474544)

Well, you probably wouldn't value a $30 router unless you were using it at the time.

I can easily see this being an issue, if perhaps, someone attacked your router and destroyed it in the middle of a counter-strike match or a WoW arena matchup, for example.

Re:I had no clue people still upgraded firmwares. (1)

Project2501a (801271) | more than 6 years ago | (#23474768)

If I was using my router all the time, it wouldn't be a $30 router.

As it is not: I got a Cisco 1841 with an ADSL module on it.

Re:I had no clue people still upgraded firmwares. (2)

Creepy Crawler (680178) | more than 6 years ago | (#23475032)

And I'm running a WRT54G with OpenWRT on it. Supports sshv2 and all the mods I wish to load on it. You paid 300$ (?) for something that does a small subset of what mine does, for 1/10 the price. Sweet.

Re:I had no clue people still upgraded firmwares. (1)

Amouth (879122) | more than 6 years ago | (#23475270)

Sorry, but the WRT54G isn't what I would consider a reliable piece of hardware..

Re:I had no clue people still upgraded firmwares. (4, Interesting)

Creepy Crawler (680178) | more than 6 years ago | (#23475428)

That's the key: Reliable Enough. We don't need 100% availability, as it requires many redundant units (akin to DRBD). I just have another WRT54G if this one burns out.

Business wise: I would go higher end as time==money. Better reliability can be afforded.

It does what I want it to do, and it does it well. And cheap.

Re:I had no clue people still upgraded firmwares. (1)

pleappleappleap (1182301) | more than 6 years ago | (#23475272)

He paid (much more than $300, if he bought new) for the reliability. And the Cisco 1800 series definitely does do some things your WRT54G just doesn't have the horsepower for.

Re:I had no clue people still upgraded firmwares. (1)

BlackSnake112 (912158) | more than 6 years ago | (#23475396)

Shouldn't that be the WRT54GL?

Re:I had no clue people still upgraded firmwares. (1)

Creepy Crawler (680178) | more than 6 years ago | (#23475458)

Nope. Mine's WRT54G v.3

I got it before they started using that non-linux OS on it.

Re:I had no clue people still upgraded firmwares. (2, Interesting)

Anonymous Coward | more than 6 years ago | (#23474610)

We're running a small IT shop and are reflashing multiple ADSL modems per week as local ISP is giving low-cost Telewell EA-501v3 modems for free when subscribing. Those boxes are probably bought en masse some years ago and all of them have ancient firmware which causes NAT to get stuck in couple weeks uptime.

Re:I had no clue people still upgraded firmwares. (2, Informative)

Coopjust (872796) | more than 6 years ago | (#23474846)

If you have $30 router and a minor issue with it, the 2 minutes it takes to apply new firmware isn't a terrible inconvenience.

And, thanks to new exploits like this, firmware upgrades may be necessary to block exploits from sabotaging your network equipment, simply maliciously (bricking) or for profit (undetectable redirects to phishing sites, attaching your affiliate ID to all ads, catching any SSN/Credit Card Number/Login going through even if it is not a phishing site).

Re:I had no clue people still upgraded firmwares. (1)

clang_jangle (975789) | more than 6 years ago | (#23474868)

I just updated the firmware on my Treo...

Re:I had no clue people still upgraded firmwares. (1)

jank1887 (815982) | more than 6 years ago | (#23475164)

you should just buy Trendnet routers. They never actually offer any firmware updates. must be because the devices are such high quality to start with...

Re:I had no clue people still upgraded firmwares. (2, Informative)

sqlrob (173498) | more than 6 years ago | (#23475310)

It's not just network hardware or computers.

iPhone
PS3
360
Wii
PSP

Re:I had no clue people still upgraded firmwares. (1)

Sun.Jedi (1280674) | more than 6 years ago | (#23475422)

And yet, one of the first responses a HW vendor tells you is "update the firmware, update the driver".

I've recently experienced a condition in which the firmware is beyond the kernel, so we now get tons of 'null' messages from the card, and the kernel just goes "duh".

Yes, yes, yes, I know -- update the kernel. Response: sometimes you just can't.


Read-only switch (4, Interesting)

ettlz (639203) | more than 6 years ago | (#23474468)

...or jumper. How much more would that cost?

Re:Read-only switch (4, Informative)

Anonymous Coward | more than 6 years ago | (#23474878)

more than nothing

Re:Read-only switch (1)

rthille (8526) | more than 6 years ago | (#23475380)

My board (VIA EPIA EN-15000G) already has a jumper you have to set to flash the bios. You can make bios configuration changes, but not flash the bios. Not sure how the division is accomplished (perhaps the bios config is in battery backed static ram), but it seems to work. I don't know that I would completely reject a board without that feature, but it certainly would be a strike against it.

Who You Gonna Call ?? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23474470)

Well, are you ??

Bricking (5, Funny)

ThrudTheBarbarian (670936) | more than 6 years ago | (#23474484)

FINALLY! *This* is bricking

Re:Bricking (3, Funny)

hostyle (773991) | more than 6 years ago | (#23474596)

+1 Architectural

YES! (0)

Anonymous Coward | more than 6 years ago | (#23474730)

Finally, as the parent said, this is bricking. As much as this term gets thrown around slashdot, you don't use it to describe actual bricking??!?!?!@!??!111!? I'm surprised it wasn't tagged as censorship, another term that gets over-used on slashdot because a bunch of idiots don't know what it means.

Also as mentioned befophe this "PH" naming phad is phucking stupid.

Re:Bricking (2, Interesting)

dreamchaser (49529) | more than 6 years ago | (#23474830)

Yes it is, in a sense, but at least in the case of a PC all one would need do is replace the BIOS physically. Not a very difficult fix for any tech savvy person.

Re:Bricking (1)

SpinyManiac (542071) | more than 6 years ago | (#23475100)

It's even easier if you have a backup BIOS.
DualBIOS [tomshardware.com]

Re:Bricking (4, Insightful)

Linker3000 (626634) | more than 6 years ago | (#23475156)

Not a very difficult fix for any tech savvy person with surface mount device reworking equipment - or a soldering iron, a steady hand and a great deal of faith in their ability (or practical experience) to rework SMDs with the wrong kit.

FTFY

Re:Bricking (1)

dreamchaser (49529) | more than 6 years ago | (#23475236)

Not sure about your PCs, but every one of mine has an easily removable BIOS that requires none of that. Even if it did, what tech savvy person DOESN'T know how to desolder a chip and pop in a new one? I didn't say it would be easy for the average Joe.

Re:Bricking (1)

MagicM (85041) | more than 6 years ago | (#23474892)

I propose we call it "phricking".

thank you for another buzzword (2, Insightful)

mambosauce (1236224) | more than 6 years ago | (#23474490)

interesting research, but we should browbeat the research for calling it phlashing

Re:thank you for another buzzword (5, Funny)

aproposofwhat (1019098) | more than 6 years ago | (#23474562)

nah - his tool's called PhlashDance, which made me go all warm and fuzzy at the thought of Jennifer Beals stamping on my firmware in her heels :P

Re:thank you for another buzzword (5, Funny)

Anonymous Coward | more than 6 years ago | (#23475340)

nah - his tool's called PhlashDance, which made me go all warm and fuzzy at the thought of Jennifer Beals stamping on my firmware in her heels :P
Hmmmm... What a pheeling.

Re:thank you for another buzzword (3, Insightful)

SargentDU (1161355) | more than 6 years ago | (#23474574)

I agree! phlashing sounds like flashing! Stupid to use something that is phonically identical for different outcomes.

In Italy (2, Informative)

Anonymous Coward | more than 6 years ago | (#23474528)

In Italy a big ISP gave ADSL modems with default password and active administrator wan access...

Re:In Italy (2, Interesting)

Jaysyn (203771) | more than 6 years ago | (#23474776)

Hell, my ISP does the same thing now. The phone support tech freaked out when I told them I was in the modem's management console. Apparently, you're not supposed to upgrade the firmware on your own.

And no, I'm not going to tell you who my ISP is. :D

Re:In Italy (1)

the_bard17 (626642) | more than 6 years ago | (#23474894)

I've noticed that Time Warner is handing out Netgear WGR614v7 routers... or so they appear. Look closely, and the model number has a -VC or something close to it appended.

Try to upgrade the firmware off Netgear's website, and the normal WGR614 firmware doesn't apply... the router kicks it out, saying that the firmware's for the wrong device.

P.S.: I'm doing this from memory, so I may have the wrong model number listed above. My apologies if so.

How is the mechanism exploited? (5, Insightful)

Coopjust (872796) | more than 6 years ago | (#23474546)

Is it possible to exploit firmware from the outside, unless the person has enabled remote management and is using the default password?

Those two rarely go hand in hand.

However, I think we'll see a lot of trojans with firmware payloads. How many people use the WRT54G? And how many access points are unsecured with the name "linksys"? Those people probably didn't change their admin password.

Simple solution: Hardware button. You have to press it to flash the router, and you have a minute after you press it to upload the firmware. Should be an easy thing to do and provide a great amount of protection.

Re:How is the mechanism exploited? (1)

Kingrames (858416) | more than 6 years ago | (#23474634)

Well there must be some way to get the root password - I suspect that social engineering or a bad seed may be the culprit for that - then it's just a matter of running a program.

Re:How is the mechanism exploited? (3, Insightful)

kalirion (728907) | more than 6 years ago | (#23474810)

Why would flashing even be allowed through remote management? My router comes with instructions to not even risk flashing through a wireless LAN connection, much less the whole big world wide net.

Re:How is the mechanism exploited? (1)

deroby (568773) | more than 6 years ago | (#23475232)

Why would a trojan want to lock itself inside a LAN in the first place...

"Hey look, I infested this machine, let's make sure I can get not to another one !"

New word overloading (0, Offtopic)

will_die (586523) | more than 6 years ago | (#23474558)

You know it is getting bad when you create a stupid word like phlashing and it is already being used to indicate "Flash-based phishing sites".

For those wondering why you would need to separate types of phishing sites, according to Netcraft (and yes, Netcraft said they are increasing)

Attackers have begun using Flash animation to create spoof sites as a strategy to defeat automated anti-phishing services, which scan the text of a page in search of suspect phrases (brands of financial institutions, for example) that may identify it as a phishing scam. Phishers previously shifted from HTML to Javascript to make it harder to analyze a page's source code, and the use of Flash represents the next step in this evolution.

Re:New word overloading (3, Funny)

smooth wombat (796938) | more than 6 years ago | (#23474702)

Just another reason not to use Flash or even have it installed on your system.


This is why, Flash must die! [slashdot.org]

Re:New word overloading (0, Offtopic)

rumith (983060) | more than 6 years ago | (#23475080)

Hey. You and the GP are sort of off-topic. Could you at least read the damn summary please? The story has nothing to do with Adobe Flash, it's about modifying firmware thus causing obvious discomfort to the victim.

Re:New word overloading (0, Offtopic)

maxume (22995) | more than 6 years ago | (#23475252)

Please don't be the topic police. You and I are contributing even less to the thread than they did.

Re:New word overloading (0)

Anonymous Coward | more than 6 years ago | (#23475478)

which thread?

That's the best they could come up with (5, Funny)

Zerth (26112) | more than 6 years ago | (#23474560)

Phlashing? And he calls his demo code PhlashDance? Good way to make this seem completely silly. "Damn it, we've been phlashdanced!" That'll really get management to up your security budget, if they ever stop laughing.

It figures that when "bricking" might be remotely appropriate, they pick something worse.

It could have been remote bricking, BOIP(brick over IP), brick-and-run, packet bricking, warbricking.

Even brick-o-gram(landshark).

Sigh...


Re:That's the best they could come up with (4, Funny)

trongey (21550) | more than 6 years ago | (#23475410)

It could have been remote bricking, BOIP(brick over IP), brick-and-run, packet bricking, warbricking.

Even brick-o-gram(landshark).
I vote for Brick-rolling.

I move to change it to FDOS (1)

ratonu (868505) | more than 6 years ago | (#23474564)

Since it's a Firmware related attack let's not jump to PDOS yet, we can call it FDOS.
EDOS is not viable anyway, it defaults to ElectronicDOS, a very generic term.

Surely this isn't that much of a problem (3, Interesting)

Silver Sloth (770927) | more than 6 years ago | (#23474578)

As a targeted attack against a commercial venture any support team worth their salt will do patching as part of routine maintenance - don't we guys'n'gals? As an attack against mom and pop PCs there are so many hardware variants that any one piece of malware will have a very limited target.

To me this looks like talking up a non existent problem - but I'm open to persuasion otherwise.

Re:Surely this isn't that much of a problem (1)

Oxy the moron (770724) | more than 6 years ago | (#23474720)

To me this looks like talking up a non existent problem - but I'm open to persuasion otherwise.

What if one were able to upload firmware from device type A, a certain DVD-Writer, to device type B, a CD-ROM? I realize it isn't the best example, but wouldn't having the wrong firmware type (not just a different hacked version of the same type of drive) completely brick that hardware? From that standpoint, I don't think the firmware would have to be "targeted" per se.

Re:Surely this isn't that much of a problem (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23474944)

To me this looks like talking up a non existent problem - but I'm open to persuasion otherwise.

What if one were able to upload firmware from device type A, a certain DVD-Writer, to device type B, a CD-ROM? I realize it isn't the best example, but wouldn't having the wrong firmware type (not just a different hacked version of the same type of drive) completely brick that hardware? From that standpoint, I don't think the firmware would have to be "targeted" per se.

The whole idea is that you write some nonsense to the flash memory thus rendering it unusable. Writing firmware from some other device or writing just a bunch of random numbers doesn't make a difference. But yes, hardware has to be "targeted" specifically. You see, there is no unified way of accessing the flash firmware. Most motherboard manufacturers have completely different implementations from each other, optical media is also accessed very different from motherboards, not to mention the differences between different models and manufacturers and so forth...

One could of course create a program that detects f.ex. which manufacturer's motherboard you are using and then take the necessary steps to flash the firmware but then you'd still have to create at least a dozen different implementations.

As for the article..this is NOTHING NEW! There has been such malware/viruses in the wild even before that could brick certain motherboards in use. The word used for such attacks has been "bricking", so why invent some new and "cool" word for it now all of a sudden?

Re:Surely this isn't that much of a problem (1)

TubeSteak (669689) | more than 6 years ago | (#23475488)

As a targeted attack against a commercial venture any support team worth their salt will do patching as part of routine maintenance - don't we guys'n'gals?
The problem is that this isn't a targeted attack, it's a fuzzer.
If there are overflow issues in your code, allegedly, this will trash your firmware.

To me this looks like talking up a non existent problem - but I'm open to persuasion otherwise.
It's a problem because it goes back to the truly malicious days of the 80's and 90's where the goal wasn't to own someone's computer, just to destroy and disrupt. This could kill your graphics card, sound card, network card, bluetooth, cd/dvd drive, etc etc etc.

And it isn't a quick solve, because it will require the people writing firmwares to write (at a minimum) a non-exploitable password prompt... that doesn't keep a default password.

I've been waiting for the pendulum to swing back towards wanton destruction, because IMHO, that is the only thing that will bring truly robust security to computers.

This is new? (3, Insightful)

Timothy Brownawell (627747) | more than 6 years ago | (#23474582)

I'm pretty sure I remember stories about viruses that could destroy hardware, by doing things like making the drives seek in "funny" ways (past the edge of the disc or something?) or driving wired-together pins to opposite voltages. Those sound *really* permanent, where a bad flash can be fixed by anyone with the proper equipment (JTAG programmer) unless it does that same sort of thing.

Re:This is new? (1)

Thanshin (1188877) | more than 6 years ago | (#23474642)

I'm pretty sure I remember stories about viruses that could destroy hardware,
I remember stories about viruses that could infect the computer human user.

I didn't believe in them, though.

Re:This is new? (1)

Timothy Brownawell (627747) | more than 6 years ago | (#23474896)

I'm pretty sure I remember stories about viruses that could destroy hardware,
I remember stories about viruses that could infect the computer human user. I didn't believe in them, though.
Sure, but these at least are believable if you don't have the spare resources to provide proper encapsulation for the interfaces to your hardware. The OS shouldn't be able to drive a bus while some other device is talking on it, but sufficiently dumb/cheap driver hardware might not prevent this.

Re:This is new? (1)

kvezach (1199717) | more than 6 years ago | (#23475208)

I remember stories about viruses that could infect the computer human user.

It's called an e-mail chain letter or virus hoax, and infects the minds of gullible users.

Re:This is new? (3, Interesting)

MilesAttacca (1016569) | more than 6 years ago | (#23474650)

Indeed, early Commodore PETs reportedly suffered a "killer POKE [6502.org] " via their BASIC.

Nothing to see, move on folks. (2, Informative)

140Mandak262Jamuna (970587) | more than 6 years ago | (#23474590)

The link does not tell us how to attack and render all computers in [insert your favorite evil company here AAPL,MSFT,GOOG]. Just some research guy jaw boning what could be done. So technically there is nothing worthwhile for the slashdot crowd.

Re:Nothing to see, move on folks. (2, Interesting)

zappepcs (820751) | more than 6 years ago | (#23475180)

Survey said! bzzzzzz wrong.

It is of interest. Think about it. If you wanted to do damage to company xyz, you social engineer the information for what PCs they are using, the CD hardware etc., routers, blah blah blah... then silently release a worm or virus that redirects them to your special webpage. brick brick brick brick until their productivity grinds to a halt.... if some get bricked for the CD, others for the motherboard, others because of routers... it matters not. What is being shown is that it is POSSIBLE to do this.

In this day and age, shame on you for dismissing it as not possible. May your body rot next to that of the designer of the Titanic. If it can happen, it will, and probably already is. I could write a virus that is undetected, and does nothing but look for people who have a bill.gates in their address book, and upon finding one, sit patiently, wait till idle time, then delete the oldest .xls file on the hard drive. Repeat that once every rand(x) number of days. lather, rinse, repeat.

Perhaps your virus waits till it sees acks from 40 other machines on the same LAN segment, then they all start bricking things?

This *IS* of interest. Welcome to Tuesday.

Proof of concept (5, Funny)

Malevolent Tester (1201209) | more than 6 years ago | (#23474626)

Dear Sir, I am the former son of the Nigerian dictator Sonni Abacha. I would like to give you several million dollars. To receive this, please add a static IP to your D-Link router and reboot it.

I used to work with a Sys Admin like that (5, Interesting)

MosesJones (55544) | more than 6 years ago | (#23474648)

He used to be able to turn any working piece of kit into a piece of metal art in about 20 seconds, EVERYTHING was always a BIOS issue and he would NEVER check with anyone before replacing the BIOS.

Let's be clear about how dumb this person was, he had a BIOS that worked on his test servers and would then apply that to all the other servers INDEPENDENT OF HARDWARE OR OS. He would then start the machines (which of course wouldn't start) declare them "broken" and say the issue was with the software.

We did some low level hardware stuff in our software and it did break the boxes sometimes so it took 2 months of painful testing and debugging which found nothing, it only came about because one of the team had a heavy night and decided to "rest" in the server room and saw the moron apply the BIOS to a server that had been running and then scurry out to blame the team again.

Basic rule after then was BIOS set to read-only and locked down with a secure password, to this day my BIOS has a password thanks to the sheer physical shock of realising how dumb some people can be.
 

Re:I used to work with a Sys Admin like that (3, Informative)

kalirion (728907) | more than 6 years ago | (#23474872)

That sounds like a good submission to The Daily WTF [thedailywtf.com] .

Re:I used to work with a Sys Admin like that (1)

Cassini2 (956052) | more than 6 years ago | (#23474906)

I always assumed that the flash updating programs would have lock outs to prevent someone from uploading an incorrect BIOS image when flashing the hardware. This would prevent people from flashing things, bricking their own hardware, and then trying to return it under warranty.

I add that feature to the embedded hardware that I design ...
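The kind of lockout described in the comment above (refuse an image built for a different device), combined with the press-a-button, one-minute arming window suggested earlier in the thread, sketched as an added example that is not code from any poster or vendor. The header layout, the names and the sample image are assumptions made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image layout, assumed for this example (little-endian):
 *   0..3 magic | 4..7 model id | 8..11 payload length | 12..15 CRC-32 of payload
 *   16.. payload */
#define FW_MAGIC        0x46574844u
#define FW_HEADER_LEN   16u
#define FW_MAX_PAYLOAD  (4u * 1024u * 1024u)
#define ARM_WINDOW_SEC  60u   /* updates accepted for one minute after the button press */

enum fw_verdict { FW_OK, FW_NOT_ARMED, FW_TRUNCATED, FW_BAD_MAGIC,
                  FW_WRONG_MODEL, FW_BAD_LENGTH, FW_BAD_CRC };

struct device_state {
    uint32_t model_id;           /* identity burned into this unit */
    uint32_t button_pressed_at;  /* uptime in seconds at the last physical press */
    int      armed;              /* set only by the button interrupt, never by the network */
};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Decide whether an uploaded image may be written to flash. Every check
 * runs before a single flash sector is erased. */
enum fw_verdict fw_check_update(const struct device_state *dev, uint32_t now,
                                const uint8_t *img, size_t len) {
    /* Unsigned subtraction: a "now" earlier than the press wraps to a huge
     * value and is rejected as well. */
    if (!dev->armed || now - dev->button_pressed_at > ARM_WINDOW_SEC)
        return FW_NOT_ARMED;
    if (len < FW_HEADER_LEN)
        return FW_TRUNCATED;
    if (rd32(img) != FW_MAGIC)
        return FW_BAD_MAGIC;
    if (rd32(img + 4) != dev->model_id)
        return FW_WRONG_MODEL;            /* image built for another device */
    uint32_t plen = rd32(img + 8);
    if (plen == 0 || plen > FW_MAX_PAYLOAD || (size_t)plen != len - FW_HEADER_LEN)
        return FW_BAD_LENGTH;             /* header and upload size disagree */
    if (crc32_ieee(img + FW_HEADER_LEN, plen) != rd32(img + 12))
        return FW_BAD_CRC;                /* corrupted in transit or storage */
    return FW_OK;
}

/* Builds a constructed sample image in out[]; returns its total size. */
size_t fw_build_sample(uint8_t *out, uint32_t model,
                       const uint8_t *payload, uint32_t plen) {
    wr32(out, FW_MAGIC);
    wr32(out + 4, model);
    wr32(out + 8, plen);
    wr32(out + 12, crc32_ieee(payload, plen));
    for (uint32_t i = 0; i < plen; i++)
        out[FW_HEADER_LEN + i] = payload[i];
    return FW_HEADER_LEN + plen;
}

int main(void) {
    const uint8_t payload[] = "constructed payload";   /* sample data, not real firmware */
    uint8_t img[64];
    size_t n = fw_build_sample(img, 0x1234u, payload, sizeof payload);
    struct device_state dev = { 0x1234u, 100u, 1 };
    struct device_state other = { 0x9999u, 100u, 1 };

    printf("right model, inside window : %d\n", fw_check_update(&dev, 130u, img, n));
    printf("right model, window expired: %d\n", fw_check_update(&dev, 161u, img, n));
    printf("image for another model    : %d\n", fw_check_update(&other, 130u, img, n));
    return 0;
}
```

A CRC only catches wrong or corrupted images; rejecting a deliberately modified image also requires verifying a cryptographic signature over the header and payload.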

Re:I used to work with a Sys Admin like that (2, Informative)

MosesJones (55544) | more than 6 years ago | (#23475376)

The production kit did when it was shipped but not the stuff that was in our test environment (different from the Sys Admin test environment) we just hadn't realised that our fellow employees were more stupid than any of our clients could ever hope to be.

This is what I love about computers (1)

Richard W.M. Jones (591125) | more than 6 years ago | (#23474802)

Nothing is really new.

Bytecode [wikipedia.org] , killer pokes [oldcomputers.net] , the auto type [wikipedia.org] , XML [wikipedia.org] ...

Rich.

Hardware Virus (4, Interesting)

Pikoro (844299) | more than 6 years ago | (#23474820)

I seem to remember a virus back in the 486 days that would cause the hard drive to sweep back and forth between extremes and would keep sweeping until it hit some "resonant frequency" of the drive heads. At that point the heads would start oscillating on the vertical, causing it to strike the platter and physically damage the hard disc.

Anyone else remember this? I had only seen it once and have never been able to find a reference to it.

This would have been in the mid '90s. I have been wracking my brain over finding it since then.

Anyone else who has heard of this, reply and let me know.

Re:Hardware Virus (5, Interesting)

Anonymous Coward | more than 6 years ago | (#23475388)

I experimented with a technique (that worked) on the Commodore 64. You could address the floppy drive directly to move the drive head to the innermost position, which was on the opposite side of the "track 0" microswitch. Then you deliberately crash the CPU on the drive. When it POSTs it moves the head inward to track 0 to initialize. Since the head is on the wrong side of the switch it never gets there, makes a terrible noise, and gives up.

Hardly a new phenomenon (5, Informative)

g051051 (71145) | more than 6 years ago | (#23474940)

This isn't exactly a new problem...in the early days, you could fry a monitor by setting the video card to absurd refresh rates, and you could destroy hard disks by issuing bogus stepping commands to the heads and slamming them into the stops.

Phlashing (1)

Wowsers (1151731) | more than 6 years ago | (#23474980)

I saw someone Phlashing their laptop in a public park, he was arrested for public indecency :-)

Works in real life too ! (4, Funny)

garett_spencley (193892) | more than 6 years ago | (#23475026)

The last time I "phlashed" someone in real-life I received a permanent injunction and restraining order from a very nice judge in court. I guess you can call that a permanent denial of service.

Re:Works in real life too ! (3, Funny)

hyperz69 (1226464) | more than 6 years ago | (#23475276)

I guess your firmware didn't impress her.

Little endian (1)

Ilan Volow (539597) | more than 6 years ago | (#23475322)

I bet she laughed when you phlashed your insignificant bits.

Sometimes I wonder... (1)

bsDaemon (87307) | more than 6 years ago | (#23475124)

Sometimes I wonder the mindset that even goes into creating something like this. I'll admit that when I was a middle-school aged kid, I thought that "computer hackers" were cool. Now, however, I just sort of wonder --

even if information wants to be free, wtf am I supposed to do with it?

"Fone Phreaking" I saw a benefit to, and its something that I took an interest in.

Trying to hijack computers and stuff -- why bother? Unless I'm doing it to be a dick to someone, just why? I can understand if mobster types are trying to do a virtual bank robbery, but this is just sorta gay.

I can see why a 13-14 year old little dipshit might want to use it, but it's pretty clear that someone that age wouldn't have invented the technique. So, my question really is - what sort of mal-adjusted dickhead would come up with something like this, wrap it in nice little scriptkiddy packaging, and make it available to lazy little vandals that got "dissed" on myspace?

Re:Sometimes I wonder... (4, Informative)

trongey (21550) | more than 6 years ago | (#23475298)

> Sometimes I wonder the mindset that even goes into creating something like this. ... I can understand if mobster types are trying to do a virtual bank robbery,...

Close. It's called extortion. You do this to one of a site's machines. Then you send the demand for payment with a threat to do it to the rest of their machines. It's been happening to gambling and porn sites for years since law enforcement agencies don't usually get in a hurry to apprehend people who attack those sites. They have been using DDoS, so this would just be a bigger hammer.

Re:Sometimes I wonder... (0)

Anonymous Coward | more than 6 years ago | (#23475508)

> Unless I'm doing it to be a dick to someone, just why?

Because most people ARE just that. You do not have to drive more than 10 feet on a highway to figure that out. Many people are seriously passive aggressive. They WANT to be dicks but are too shy to do it. Other people just like to mess with other people 'just because they can'. It is an alien thing to some as they are just not like that. But sometimes you get the right mix of passive aggressive and aggressive and you get dicks like this one.

Damaged hardware might finally get people to care (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23475142)

If it finally costs people when their boxes get hacked, maybe they will care enough not to let their machines get hacked.
If one botnet got taken over and the disks on that botnet's host got passwords set on them and the resulting mess got good press, the spamming industry might actually take a big hit.

Phlashdotted.. (1)

Scott Kevill (1080991) | more than 6 years ago | (#23475212)

So that's what they call it when a web server is melted remotely.

Forget Rootkits (1)

Script Cat (832717) | more than 6 years ago | (#23475250)

/\/3VV, 8i05 \/1ru535 @re 4 t3h 900d +1m3z && L337 H4X0rz.
Hey I get a new boot message!
Look it's on my nintendo WII too.

Everything should have a factory reset switch (5, Insightful)

davidwr (791652) | more than 6 years ago | (#23475268)

I'm sorry, but every device out there should have two factory reset switches:

1 to reset user data, akin to a standard BIOS "reset to factory settings"
1 to re-flash the BIOS to the factory-installed version of the BIOS, to de-brick devices.

Furthermore, if there is anything a user can do that is designed to update the machine in a way that's irreversible without a password setting a BIOS or boot password, a hardware switch should be pressed as the information is saved. While this won't prevent social engineering, it will prevent pure software exploits from making the hardware unusable.

Burning down the machine room (0)

Anonymous Coward | more than 6 years ago | (#23475306)

With older VGA video hardware it was possible for software to set the monitor on fire. Perhaps turning the monitor off could be not only a power savings, but a security benefit as well.

Magic Bullet (4, Insightful)

John Hasler (414242) | more than 6 years ago | (#23475438)

> "Unfortunately, there isn't a magic bullet..."

Yes there is. It's called a write-disable switch.
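
The image lockout and the write-disable switch suggested in the comments above, combined into one pre-flash check. This is an added example, not code posted by any commenter; the header layout, magic value and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical image layout: 16-byte header, then payload (host byte order). */
#define FW_MAGIC 0x46574831u /* constructed value */
typedef struct {
    uint32_t magic;
    uint32_t board_id;    /* hardware model the image was built for */
    uint32_t payload_len; /* bytes that follow the header */
    uint32_t payload_crc; /* CRC-32 of those bytes */
} fw_header;
typedef enum { FW_OK, FW_LOCKED, FW_SHORT, FW_BAD_MAGIC,
               FW_WRONG_BOARD, FW_BAD_LENGTH, FW_BAD_CRC } fw_status;

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Decide whether an image may be written. A CRC only catches wrong or
 * corrupted images; rejecting a deliberately crafted one also needs a
 * signature check, which this sketch leaves out. */
fw_status fw_check(const uint8_t *img, size_t len, uint32_t this_board,
                   int write_enable_switch) {
    fw_header h;
    if (!write_enable_switch) return FW_LOCKED; /* physical switch not set */
    if (len < sizeof h) return FW_SHORT;
    memcpy(&h, img, sizeof h); /* copy out: img may be unaligned */
    if (h.magic != FW_MAGIC) return FW_BAD_MAGIC;
    if (h.board_id != this_board) return FW_WRONG_BOARD;
    if (h.payload_len != len - sizeof h) return FW_BAD_LENGTH;
    if (crc32_ieee(img + sizeof h, h.payload_len) != h.payload_crc)
        return FW_BAD_CRC;
    return FW_OK;
}

/* Builds a constructed sample image; out must hold sizeof(fw_header) + n. */
size_t fw_build(uint8_t *out, uint32_t board, const uint8_t *payload, uint32_t n) {
    fw_header h = { FW_MAGIC, board, n, crc32_ieee(payload, n) };
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, payload, n);
    return sizeof h + n;
}
```

The switch is tested first so that a pure software path cannot reach the write at all, whatever the image contains.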

Nothing really new... (1)

moxley (895517) | more than 6 years ago | (#23475490)

What is so new about this? That it's been given a media friendly ph-suffix name?

I think Malicious Firmware Update is better.

M.F.U. (I am sure with those initials, we could come up with a name much more compelling and befitting the situation you'd be in if this happened to you).

Anyone who has worked with even consumer grade home computers and routers and done a firmware or BIOS flash should have been aware that this is possible, with most home routers having the ability for remote management....

Now....if we saw a worm that does this in the wild, it might be more newsworthy.