Permanent denial-of-service attack sabotages hardware

Published 21 May 2008

HP’s Rich Smith to demonstrate a permanent denial-of-service (PDOS) attack that remotely wipes out hardware via flash firmware updates

There are more subtle ways than wielding an ax to make a piece of hardware perform a permanent denial-of-service (PDOS) attack. HP’s Rich Smith today will demonstrate a PDOS attack that can take place remotely. Dark Reading’s Kelly Jackson Higgins writes that a PDOS attack damages a system so badly that it requires replacement or reinstallation of hardware. Unlike the infamous distributed denial-of-service (DDOS) attack — which is used to sabotage a service or Web site or as a cover for malware delivery — PDOS is pure hardware sabotage. “We aren’t seeing the PDOS attack as a way to mask another attack, such as malware insertion, but [as] a logical and highly destructive extension of the DDOS criminal extortion tactics seen in use today,” says Rich Smith, head of research for offensive technologies & threats at HP Systems Security Lab. Smith says a PDOS attack would result in a costly recovery for the victim, since it would mean installing new hardware. At the same time, it would cost the attacker much less than a DDOS attack. “DDOS attacks require investment from an attacker for the duration of the extortion — meaning the renting of botnets, for example,” he says.

Smith will demonstrate how network-enabled systems firmware is susceptible to a remote PDOS attack — which he calls “phlashing” — at the EUSecWest security conference, which takes place today and tomorrow at the Sound club in Leicester Square in central London. He will also unveil a fuzzing tool he developed that can be used to launch such an attack as well as to detect PDOS vulnerabilities in firmware systems. His PhlashDance tool fuzzes binaries in firmware and the firmware’s update application protocol to cause a PDOS, and it detects PDOS weaknesses across multiple embedded systems. The danger with embedded devices is that they are often forgotten. They do not always get patched or audited, and they can contain application-level vulnerabilities, such as flaws in the remote management interface that leave the door open for an attacker, according to Smith. Remote firmware updates are not typically secured, but rather set up to occur by default. Smith says remotely abusing firmware update mechanisms with a phlashing attack, for instance, is basically a one-shot attack. “Phlashing attacks can achieve the goal of disrupting service without ongoing expense to the attacker; once the firmware has been corrupted, no further action is required for the DOS condition to continue,” he says. H. D. Moore, director of security research for BreakingPoint Systems, says a more effective attack than waging a DOS on firmware would be to deliver malware. “It seems like if you can do a remote update of firmware, it would be better to deliver a Trojan’ed firmware image, instead of just a DOS,” Moore says.

Meanwhile, Smith says he is not aware of any phlashing PDOS attacks in the wild to date, but there are a few precautions to protect against these attacks. “Unfortunately, there isn’t a magic bullet, but making sure the flash update mechanisms have authentication so that not just anyone can perform an update is a start,” Smith says. “Beyond this, flash update mechanisms need to be designed with malicious attacks in mind.” Higgins reports that Smith has no plans yet for releasing his PhlashDance tool.
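To make the two precautions concrete, here is an added example (it is not from the article, from HP, or from the PhlashDance tool) of a firmware-update acceptance check written the way Smith describes: the update mechanism authenticates the image, and the parser is designed so that a corrupted or malformed image of the kind a protocol fuzzer would produce is rejected before any of its fields are trusted. The image layout, the device key and the flash-region size are all constructed for the illustration; the example uses an HMAC over a shared secret because that is available in the Python standard library, whereas a shipping device would use a public-key signature so that the key held on the device need not be secret.

```python
# Added example (not from the article, HP, or the PhlashDance tool): a
# firmware-update acceptance check that authenticates the image before
# interpreting it, beside the unauthenticated pattern the article describes.
# The image layout and the device key are constructed for this illustration.
import hashlib
import hmac
import struct

# Constructed image layout (an assumption, not any vendor's real format):
#   magic (4 bytes) | version (uint32, big-endian) | payload length (uint32)
#   | payload | HMAC-SHA256 tag over everything before it (32 bytes)
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")
TAG_LEN = hashlib.sha256().digest_size
MAX_PAYLOAD = 1 << 20  # size of the writable flash region (constructed)


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Produce an image as a vendor build step would (constructed format)."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def accept_unauthenticated(image: bytes) -> bool:
    """The weak pattern the article warns about: no authentication, so any
    image whose header looks plausible would be written to flash."""
    return len(image) >= HEADER.size and image[:4] == MAGIC


def verify_update(key: bytes, image: bytes, installed_version: int):
    """Return (accepted, reason). The tag is checked over the whole body before
    any header field is trusted, so corrupted or malformed images are rejected
    before they can influence the parser or reach the flash write."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "too short"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad signature"
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC:
        return False, "bad magic"
    if length > MAX_PAYLOAD or HEADER.size + length != len(body):
        return False, "length mismatch"
    if version < installed_version:  # refuse downgrades to older firmware
        return False, "rollback"
    return True, "ok"


if __name__ == "__main__":
    device_key = b"constructed-device-key"  # constructed; not a real key
    good = build_image(device_key, 2, b"\x90" * 64)
    corrupted = bytearray(good)
    corrupted[20] ^= 0xFF  # one flipped payload byte, as in a damaged image
    corrupted = bytes(corrupted)
    print("weak handler accepts corrupted image:", accept_unauthenticated(corrupted))
    print("hardened handler:", verify_update(device_key, corrupted, 1))
    print("hardened handler, genuine image:", verify_update(device_key, good, 1))
```

The ordering inside `verify_update` is the design point: because the tag is verified over the raw bytes before `struct` ever unpacks a field, the header parser and the length logic only ever run on images that the holder of the key produced, which removes exactly the surface that fuzzing the update protocol would otherwise exercise. The rollback check is what stops a validly signed but older (and possibly vulnerable) image from being reinstalled.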