phlashing

Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical but if carried out could render the target device inoperable... (Continued)

Phlashing is a permanent denial of service (DoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical but if carried out could render the target device inoperable.

Rich Smith, head of HP's Systems Security Lab, discovered the vulnerability and demonstrated the attack at the EUSecWest security conference in June 2008. In a real-world execution, an attacker could use remote firmware update paths in network hardware, which are often left unprotected, to deliver corrupted firmware and flash this to the device. As a result, the device would become unusable.

The likelihood of phlashing attacks is under some debate. Like other types of exploits, DoS has become increasingly profit-driven. Although phlashing would be cheaper to execute and more damaging than a traditional DoS attack, its potential for gain is limited because once the network hardware has been rendered useless, the victim has no incentive to pay the attacker. The attacker's only prospect for gain would be to threaten to attack and demand a payoff to refrain from doing so. However, as suggested on the Hack a Day blog, the same attack vector could be more effectively used to flash a device with malware-embedded firmware.

This was first published in July 2008

Continue Reading About phlashing

Dig deeper on Network Protocols and Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close