Sponsored Links

Phlashing PDOS firmware attack could permanently disable hardware

Phlashing PDOS firmware attack could permanently disable hardware
Joshua Fruhlinger
Joshua Fruhlinger|@fruhlinger|May 20, 2008 6:24 PM
You know all that network hardware that runs quietly 24 hours a day in server rooms around the world? What if black-hats could exploit remote firmware flashing utilities to take over -- or completely destroy -- vulnerable gear? Though still theoretical, PDOS -- permanent denial-of-service -- attacks will be demonstrated by researchers from HP Security Labs at the EUSecWest security conference in London this week. "Phlashing", as it's being referred to, focuses on exploiting network-enabled firmware updates, making use of a fuzzing tool that tricks hardware into flashing anything from back-door access to a corrupt image, causing complete and permanent hardware failure. There's no reason to panic just yet (especially not when it comes to consumer devices, which typically don't support remote firmware updates), but given the amount of unattended and relatively dormant enterprise network hardware out there, this could be something for admins to seriously think about.

[Via Slashdot]
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.