You know all that network hardware that runs quietly 24 hours a day in server rooms around the world? What if black-hats could exploit remote firmware flashing utilities to take over -- or completely destroy -- vulnerable gear? Though still theoretical, PDOS -- permanent denial-of-service -- attacks will be demonstrated by researchers from HP Security Labs at the EUSecWest security conference in London this week. "Phlashing", as it's being referred to, focuses on exploiting network-enabled firmware updates, making use of a fuzzing tool that tricks hardware into flashing anything from back-door access to a corrupt image, causing complete and permanent hardware failure. There's no reason to panic just yet (especially not when it comes to consumer devices, which typically don't support remote firmware updates), but given the amount of unattended and relatively dormant enterprise network hardware out there, this could be something for admins to seriously think about.

[Via Slashdot]

0 Comments

Phlashing PDOS firmware attack could permanently disable hardware