back to article Phlashing attack thrashes embedded systems

A security attack that damages embedded systems beyond repair was demonstrated for the first time in London on Wednesday. The cyber-assault thrashes systems by abusing firmware update mechanisms. If successful, the so-called phlashing attack would force victims to replace systems. The attack was demonstrated by Rich Smith, …

COMMENTS

This topic is closed for new posts.
  1. Jeremy Southard
    Stop

    The "ph" fad.

    Alright, just stop it already with the "ph" stuff. Does anyone remember how it came into being and how it properly related to it's first usage? Phone freaking...aka phreaking...actually made sense. This malicious firmware flashing has nothing to do with phones!!! And honestly, "PhlashDance"?? Come on. What's next? "Oh no! We've been disco inphernoed!!!"

  2. Phil Endecott

    Signed updates = bad

    The downside of requiring that firmware updates are signed by the manufacturer is that it becomes impossible to repurpose the devices in the way that NSLU2 (http://nslu2-linux/) and WRT54G (http://openwrt.org/) users have.

    The best solution is to require physical access in order to perform a firmware update. For example, a switch that you press to enter "update mode", after which the web interface shows the upgrade dialog. If the cost of an extra switch is too much, just require that the reset button is pressed for 10 seconds when power is applied. The NSLU2 does something like this.

  3. Steven Knox
    Flame

    Basic Rant

    Because my pH level is too high. Nothing says "I haven't got a life" better than replacing Fs with PHs. STOP IT!</rant>

  4. Steve Kay

    Reasonable

    It was only a matter of time before this sort of thing happened. Embedded systems pose a larger risk of infrastructure exploitation because they're embedded, and simpler to predict.

    Here's an example: Sky Broadband appear to provide lots of Netgear DG834-series routers to their customers, and assume that a exploit comes out to root a DG834 to run code of the attacker's choosing (DG834s are Lunix).

    You have x number of vulnerable systems which can be egged in any way the malware author sees fit. Predictable systems in a predictable IP range, no port scanning required.

    It's not a case of batten down the hatches or tin foil hats, but I do reckon it's high time that either the broadband suppliers who issue the kit, and / or hardware manufucturers made automatic updating a little easier, and - in the case of a nasty dev flub, pretty timely indeed.

  5. Quirkafleeg

    Prevention…

    Shouldn't these things have write-protect jumpers and/or a tiny ROM (normally disabled) for re-flashing purposes?

  6. Pyros
    Black Helicopters

    Crackers benifiting?

    Actually, if you're the sort of mind here, there's a SECOND party that can benefit from this exploit... the router manufacturers.

    Think about it--you send out a wide AOE PhlashDance to brick a particular competitor's set of routers, then tout your own as PhlashDance-proof (whether or not they ARE, it's just a price-jack, and managers would drool all over the idea *itself* anyways.) Win.

    It's devious, but it only works as long as no one catches on.

    I wish there was an BOfH icon.

  7. Kanhef

    Default settings

    Just ship kit with all remote access disabled by default. Make the firmware unable to be changed from outside the local network, regardless of security settings. Doesn't seem that hard.

  8. trackSuit

    Main motive? -in a kalidescope of agendas?

    "There's no record of such an attack even occurring and other security watchers are sceptical over whether crackers could make money - the main motive for denial of service attacks - from such an approach."

    I though the main motive of a denial of any type of service attack was to deny service? Which in any sevice-based economy would be QuITe a big issue, Virtually the Biggest and quite a disservice?

  9. Keith T

    electronic warfare tool for countries and terrorists

    Although this would not be so useful for blackmailers, this would be a great electronic warfare tool for countries and both state and non-state sponsored terrorists.

  10. Steve Kay
    Thumb Up

    @Jeremy

    Disco inpherno - I love it :)

    (long hated the ph thing)

  11. James Condron

    ah, ph

    Just as I was about to complain about the idiotic over use oph 'ph', i realised everyone else has... Why must everything with an 'ph' now be spelt with a phuking ph?

    it gets to the stage where the use oph 'ph' and 'ph' is too diphphicult to diphpherentiate between

  12. Tony Haines
    Heart

    phff.

    Phoible. (foi-bell) n. A weakness for spelling words in a whimsical manner.

  13. Anonymous Coward
    Stop

    Our alien lizard overlords...

    ...enjoy hacking our kit!

  14. Chris Peterson

    Why is this major news now?

    Does anyone remember the CIH virus from the mid to late 90's?

    Infected computers would overwrite their flash BIOS on certain days of the month.

    Honestly I'm surprised that mischief makers haven't realised that they could overwrite firmware on local networks once they infect one machine. Most people leave the default admin passwords on everything from DSL routers to LAN connected printers. Get past the network barrier once, you own it.

  15. amanfromMars Silver badge

    Is there anybody out there?

    "Both H D Moore of Metapolit fame and the Hack a Day blog reckon that exploiting vulnerabilities to plant malware in firmware is a far more insidious and dangerous type of attack than simply destroying systems."

    They cannot be serious. Simply destroying systems allows One to entirely replace them with Better Beta Systems of One's Own Making and therefore in Control of Everything.

    It doesn't get more Beneficial/Malicious than that....... but IT cannot be done by just any Old Hack with Tired and Worn Out Cracks for it needs AI Live and Agile Mind which can Connect with Much that is Apparently Not Already There but what can be Thought 42XXXXist and Therefore Most Definitely Is.

    Such are in the Realms of amfM HyperRadioProActivity which are Regularly Registered here for Reading into dDeeper Understanding/Future Memory.

  16. Richard
    Jobs Horns

    Better name

    Surely the bad kind of flashing should be called Dirty Mac-ing. A botnet of such would be a Dirty Mac Brigade.

    Advantages:

    1) no ph abuse

    2) It'll wind the cult of Jobs up

  17. Mage Silver badge
    Pirate

    @Kanef

    Outside the Network!

    Ha.

    The obvious way to do this (hack) is a browser vulnerability. For your browser, the router is INSIDE. Infact ALL the routers I know only update via LOCAL (usually 192.168.yyyy.xxxx ) subnet.

    For any ISP, you can assume the default Router IP is not changed. Other typical ones are local net 192.168.yyyy.1 or 192.168.yyyy.254 where yyyy is 0 to 255 and usually 0 or 1

    Most people don't change default router password.

    If you change your router default Admin password, it's unlikely this idea can be exploited. No outside access required. Only a vulnerable browser and malicious website (Active X anyone?)

  18. Slaine
    Boffin

    @ Jeremy Southard

    Well, not actually AT you mate, just in response... the "ph=f" thing... I've been doing it for over 30 years... I thought it was clever as a kid because technically it wasn't a swear word when I was actually typing or spelling FUCK.

    It sems to have grown arms and legs since... sorry about that.

  19. C. Fuhrman
    Happy

    @Jeremy

    Sadly I think the "PHad" is here to stay

  20. Slaine
    Happy

    @ C Phurman

    Unphortunately, your inophensive yet phleeting phlourish is conphirmed.

  21. Anonymous Coward
    Anonymous Coward

    Whatever Next?

    Spelling Jane with a 'y', I suppose?

    Oh, and dotting 'I's with circles, or, hey! we could even draw those circles like tiny flowers!

  22. Fuion
    Alien

    RE:Is there anybody out there?

    Is there anybody out there? ---> Am I coming in clear?

    Fuion ---> Wonders if WonkaVision is having a malfunction...

    RE:

    "Most people don't change default router password.

    If you change your router default Admin password, it's unlikely this idea can be exploited. No outside access required. Only a vulnerable browser and malicious website (Active X anyone?)"

    I had a dream, and in that dream:

    ---> It is currently possible to remote exploit all SOHO routers that employ CMS.

    ---> Root password is stored inside firmwares such surrounded by cute quotes such as "root --> uid 0 -->The Lamma of all Evil"

    ---> Whole subnets can be "0wned", someone has forgotten to properly configure the Cisco ACL settings...

    ---> Even without CMS another tact can be employed to remote exploit without password. Who needs a password(s) when you are not required to use such to get the result.

    In short: "Passwords" == overrated.

    -=- End DNS Dream -=-

    Alien because there is no Daemon icon???

  23. Slaine
    Paris Hilton

    @ Thad

    I knew a truely lovely young lady called Jayne. The irony being that she dotted all her "i"'s with circles (Nice petals too ;oP)

  24. Mike Flugennock
    Boffin

    This "PH" bidness

    OK, in the beginning, it was cute, it was clever, it was sarcastic. Now it's spent, beat, wiped, played. Jumped the shark, already.

    Still, where does that leave that old 18th Century English scientist who, iirc, discovered oxygen as a combustible gas in action but, not knowing what he'd discovered, named it "phlogiston"?

This topic is closed for new posts.

Other stories you might like