CyberInsecure.com

Daily cyber threats and internet security news alerts
May 21st, 2008

Remote Attack Could Damage Systems Hardware Beyond Repair

An attack, demonstrated by Rich Smith from HP Systems Security Lab at the EUSecWest security conference in London, showed that embedded systems hardware can be damaged beyond repair. The attack could be carried out remotely over the internet.

The attack was demonstrated for the first time in London on Wednesday and was called by Smith “permanent denial of service”. The attack thrashes systems by abusing firmware update mechanisms and if successful, the so-called “phlashing” attack would force victims to replace systems and cause financial damage.

Theoretically the attack could be cheaper and more effective (as the damage caused would be harder to recover from) than conventional denial of service attacks, which typically rely on hackers paying to rent control of a network of compromised PCs.

The new approach relies on exploiting frequently unpatched vulnerabilities in embedded systems, such as flaws in remote management interfaces, to get access to a system. That alone wouldn’t be enough, but because firmware updates are seldom secured, the possibility exists of making an update that effectively trashes a system.

Smith is calling on vendors to authenticate the mechanism as one way of defending against such attacks. He is demonstrating a tool to search for vulnerabilities in firmware, as well as an attack mechanism to corrupt vulnerable firmware at EUSecWest.

Another presentation at EuSecWest will demonstrate a proof of concept rootkit capable of covertly monitoring and controlling Cisco routers. The Cisco IOS rootkit software was developed by Sebastian Muniz, of Core Security and was recently reported.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • Facebook
  • LinkedIn
More on CyberInsecure:
  • Remote Code Execution Through Intel CPU Vulnerability Will Be Presented In Hack In The Box Security Conference
  • 16 Mac OS X Flaws Including DNS Vulnerability Fixed By Apple
  • Researchers Discovered A New Technique For Stealthier Rootkits
  • Exploit Targeting Corporate Computer Associates Users
  • CitectSCADA ODBC Service Exploit Published, Computerized Control Systems In Critical Facilities Are Vulnerable

    • Posted in Hardware, Targeted Attacks, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Wednesday, May 21st, 2008 at 10:24 am and is filed under Hardware, Targeted Attacks, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Remote Attack Could Damage Systems Hardware Beyond Repair

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. Please leave your real email, it wont be published.

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word

    « « More Websites Are Compromised, This Time Avoiding Chinese Websites And Users
    Apple iTunes Users Are Targeted By Phishers » »