Don't phlash that dwarf - hand me the pliers!

[David Farber <dave () farber net>]

Begin forwarded message:

> From: Randall Webmail <rvh40 () insightbb com>
> Date: May 21, 2008 4:18:00 PM EDT
> To: "dewayne () warpspeed com" <dewayne () warpspeed com>, David Farber <dave () farber net 
> >, "johnmacsgroup () yahoogroups com" <johnmacsgroup () yahoogroups com>
> Subject: Don't phlash that dwarf - hand me the pliers!

> <http://www.theregister.co.uk/2008/05/21/phlashing/>
>
> Phlashing attack thrashes embedded systems
> By John Leyden
> Published Wednesday 21st May 2008 16:16 GMT
>
> A security attack that damages embedded systems beyond repair was  
> demonstrated for the first time in London on Wednesday.
>
> The cyber-assault thrashes systems by abusing firmware update  
> mechanisms. If successful, the so-called phlashing attack would  
> force victims to replace systems.
>
> The attack was demonstrated by Rich Smith, head of research for  
> offensive technologies and threats at HP Systems Security Lab, at  
> the EUSecWest <http://www.eusecwest.com/agenda.html> security  
> conference in London on Wednesday. Smith told <http://www.darkreading.com/document.asp?doc_id=154270&WT.svl=news1_1 
> > Dark Reading that such as "permanent denial of service" attack  
> could be carried out remotely over the internet.
>
> Theoretically the attack could be both more effective (as the damage  
> caused would be harder to recover from) and cheaper than  
> conventional denial of service attacks, which typically rely on  
> hackers paying to rent control of a network of compromised PCs.
>
> The PhlashDance approach relies on exploiting frequently unpatched  
> vulnerabilities in embedded systems, such as flaws in remote  
> management interfaces, to get access to a system. That alone  
> wouldn't be enough, but because firmware updates are seldom secured,  
> the possibility exists of making an update that effectively trashes  
> a system.
>
> Smith is calling on vendors to authenticate the mechanism as one way  
> of defending against such attacks. He is demonstrating a tool to  
> search for vulnerabilities in firmware, as well as an attack  
> mechanism to corrupt vulnerable firmware at EUSecWest.
>
> There's no record of such an attack even occurring and other  
> security watchers are sceptical over whether crackers could make  
> money - the main motive for denial of service attacks - from such an  
> approach. Both H D Moore of Metapolit fame and the Hack a Day blog <(http://www.hackaday.com/2008/05/20/phlashing-denial-of-service-attack-the-new-hype 
> > reckon that exploiting vulnerabilities to plant malware in  
> firmware is a far more insidious and dangerous type of attack than  
> simply destroying systems.
>
> Another presentation at EuSecWest will demonstrate a proof of  
> concept rootkit capable of covertly monitoring and controlling Cisco  
> routers. The Cisco IOS rootkit software was developed by Sebastian  
> Muniz, of Core Security. ®
>
> Related stories
>
> Rootkits on routers threat to be demoed (15 May 2008)
> http://www.theregister.co.uk/2008/05/15/router_rootkit/
> Researchers dig into x86 chips for stealthier rootkits (12 May 2008)
> http://www.theregister.co.uk/2008/05/12/smm_rootkits/
> SanDisk warns that unsecured flash drives are coming to get you (11  
> April 2008)
> http://www.theregister.co.uk/2008/04/11/sandisk_usb_thumb_drive_security_threat/
> Build malware protection into operating systems (17 September 2007)
> http://www.theregister.co.uk/2007/09/17/gartner_rutkowska/



-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com