Phlashing attack permanently destroys hardware over the network

A scary new (theoretical) malware attack, Phlashing, involves tricking a remote device into letting you flash its firmware so that the machine can't ever be rebooted, and must be pulled out and replaced. They're called it a "Permanent Denial of Service" (PDOS) attack — there's a ton of tasty new coinages in this little bit of ugliness.

Smith will demonstrate how network-enabled systems firmware is susceptible to a remote PDOS attack — which he calls "phlashing" — this week at the EUSecWest security conference in London. He'll also unveil a fuzzing tool he developed that can be used to launch such an attack as well as to detect PDOS vulnerabilities in firmware systems.

His so-called PhlashDance tool fuzzes binaries in firmware and the firmware's update application protocol to cause a PDOS, and it detects PDOS weaknesses across multiple embedded systems.


(via /.)