Definition

phlashing

Phlashing is a permanent denial of service (DoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical but if carried out could render the target device inoperable.

Rich Smith, head of HP's Systems Security Lab, discovered the vulnerability and demonstrated the attack at the EUSecWest security conference in June 2008. In a real-world execution, an attacker could use remote firmware update paths in network hardware, which are often left unprotected, to deliver corrupted firmware and flash this to the device. As a result, the device would become unusable.

The likelihood of phlashing attacks is under some debate. Like other types of exploits, DoS has become increasingly profit-driven. Although phlashing would be cheaper to execute and more damaging than a traditional DoS attack, its potential for gain is limited because once the network hardware has been rendered useless, the victim has no incentive to pay the attacker. The attacker's only prospect for gain would be to threaten to attack and demand a payoff to refrain from doing so. However, as suggested on the Hack a Day blog, the same attack vector could be more effectively used to flash a device with malware-embedded firmware.

This was last updated in July 2008
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: