enjoy this compilation
DNR
Phlashing is a permanent denial of service (DoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical but if carried out could render the target device inoperable.
Rich Smith, head of HP's Systems Security Lab, discovered the vulnerability and demonstrated the attack at the EUSecWest security conference in June 2008. In a real-world execution, an attacker could use remote firmware update paths in network hardware, which are often left unprotected, to deliver corrupted firmware and flash this to the device. As a result, the device would become unusable.
The likelihood of phlashing attacks is under some debate. Like other types of exploits, DoS has become increasingly profit-driven. Although phlashing would be cheaper to execute and more damaging than a traditional DOS attack, its potential for gain is limited because once the network hardware has been rendered useless, the victim has no incentive to pay the attacker. The attacker's only prospect for gain would be to threaten to attack and demand a payoff to refrain from doing so. However, as suggested on the Hack a Day blog, the same attack vector could be more effectively used to flash a device with malware-embedded firmware.
------------
Phlashing Attack Can Damage Systems Beyond Repair
The attack would be carried out by exploiting flaws in remote management interfaces to gain access to the system and then flashing or fuzzing the firmware binaries to render the hardware useless. One such remote management interface is HP’s Integrated Lights Out (ILO) which is embedded in their ProLiant servers; however, Doug Hascall, an HP manager in charge of ILO firmware, believes the security architecture of the interface makes it invulnerable to the attack.
Security watchers, myself included, don’t see crackers destroying systems since there would be no money in it; rather, this attack could make it possible for them to plant malware inside of the firmware: a far more insidious threat. Moreover, a country’s enemies could use the technique as an effective cyberwarfare weapon either to take out critical infrastructure or to implant spyware to gather military intelligence.
http://itknowledgeexchange.techtarget.c ... nd-repair/
--------------
Phlashing denial of service attack, the new hype
Anyone who has flashed a device knows the danger of interrupting the procedure.
Embedded systems, like wireless routers, network cameras, and printers require remote access to be upgraded. This could be over the network or just a USB cable. Unfortunately most devices go unpatched because of this lack of easy access. The upgrade procedure can be very insecure too. The last time we flashed a custom firmware on our La Fonera we had to set up a TFTP server for it to download the firmware from. The TFTP protocol has no authentication, so anyone could pose as the server and offer a bad firmware for download. Many embedded system upgrade tools use TFTP because of its ease of implementation and low hardware overhead.
Malware is a business and destroying hardware doesn't seem to have much income potential. The article presents this as an alternative to maintaining a botnet to perform a DDOS. With a DDOS, you deny the service, ask for ransom, and return service when they pay. With PDOS, you threaten to deny their service, they don't pay, and then you destroy their equipment and get nothing. We agree with [HD Moore] that a more successful attack would be installing your own custom firmware that gives you full control of the system and full access to the network to do as you please.
Outside of griefing, the PDOS attack is not a threat. In any case, firmware upgrade procedures for embedded devices need to be improved.
http://www.hackaday.com/2008/05/20/phla ... e-new-hype
-------------
Researcher to demonstrate a permanent denial-of-service (PDOS) attack that remotely wipes out hardware via flash firmware updates
Smith will demonstrate how network-enabled systems firmware is susceptible to a remote PDOS attack -- which he calls “phlashing” -- this week at the EUSecWest security conference in London. He’ll also unveil a fuzzing tool he developed that can be used to launch such an attack as well as to detect PDOS vulnerabilities in firmware systems.
His so-called PhlashDance tool fuzzes binaries in firmware and the firmware’s update application protocol to cause a PDOS, and it detects PDOS weaknesses across multiple embedded systems.
Meanwhile, Smith says he’s not aware of any phlashing PDOS attacks in the wild to date, but there are a few precautions to protect against these attacks. “Unfortunately, there isn't a magic bullet, but making sure the flash update mechanisms have authentication so as not just anyone can perform an update is a start,” Smith says. “Beyond this, flash update mechanisms need to be designed with malicious attacks in mind.”
Smith has no plans yet for releasing his PhlashDance tool.
http://www.darkreading.com/document.asp?doc_id=154270
-------------------
other
http://eusecwest.com/speakers.html
http://www.pcsympathy.com/2008/05/20/pe ... -hardware/
http://www.boingboing.net/2008/05/20/ph ... k-per.html
http://www.itsec.ru/keywords.php?keyword=26441
http://ntlab.egloos.com/tag/PhlashDance
http://www.howinthetech.com/youve-been- ... k-and-run/
