 - Phlashing is a permanent denial of service (DoS) attack that exploits
a vulnerability in network-based firmware updates. Such an attack is
currently theoretical but if carried out could render the target device
inoperable.
Rich Smith, head of HP's Systems Security Lab, discovered the vulnerability and demonstrated the attack at the EUSecWest security conference in June 2008. In a real-world execution, an attacker could use remote firmware update paths in
network hardware, which are often left unprotected, to deliver
corrupted firmware and flash this to the device. As a result, the device would become unusable.
The likelihood of phlashing attacks is under some debate. Like other types of exploits, DoS has become increasingly profit-driven. Although phlashing would be cheaper to execute and more damaging than a traditional DOS attack, its potential for gain is limited because once the network hardware has been rendered useless, the victim has no incentive to pay the attacker. The attacker's only prospect for gain would be to threaten to attack and demand a payoff to refrain from doing so. However, as suggested on the Hack a Day blog, the same attack vector could be more effectively used to flash a device with malware-embedded firmware.
| LAST UPDATED: |
07 Jul 2008
|
 |
Read more about phlashing:
|
|
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
 |
 |
| |
RELATED GLOSSARY TERMS
| Terms from Whatis.com − the technology online dictionary |
 |
DNS rebinding attack
(SearchSecurity.com)
DNS rebinding is an exploit in which the attacker uses JavaScript in a malicious Web page to gain control of the victim's router. The attack works...
|
|
drive-by pharming
(SearchSecurity.com)
Drive-by pharming is a vulnerability exploitation method in which the attacker takes advantage of an inadequately unprotected broadband router to gain...
|
|
|
