phlashing


DEFINITION - Phlashing is a permanent denial-of-service (DoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical, but if carried out it could render the target device inoperable.

Rich Smith, head of HP's Systems Security Lab, discovered the vulnerability and demonstrated the attack at the EUSecWest security conference in June 2008. In a real-world execution, an attacker could use remote firmware update paths in network hardware, which are often left unprotected, to deliver corrupted firmware and flash it to the device. As a result, the device would become unusable.

The likelihood of phlashing attacks is under some debate. Like other types of exploits, DoS has become increasingly profit-driven. Although phlashing would be cheaper to execute and more damaging than a traditional DoS attack, its potential for gain is limited: once the network hardware has been rendered useless, the victim has no incentive to pay the attacker. The attacker's only prospect for gain would be to threaten to attack and demand a payoff to refrain from doing so. However, as suggested on the Hack a Day blog, the same attack vector could be more effectively used to flash a device with malware-embedded firmware.


LAST UPDATED: 07 Jul 2008


More resources from around the web:
- On ITKE's Security Corner blog, Ken Harthun explores the potential damage of a phlashing attack.
- On ars technica, Joel Hruska explains how 'Phlashing attacks could render network hardware useless.'
- According to Eliot Phillips on Hack a Day, 'outside of griefing, the PDoS attack is not a threat.'




