Overheard: Hacking flash

With normal memory and normal hard-disks, you can rewrite the contents trillions of times without concern. With flash memory, after rewriting data a few hundred thousand times, the block goes bad. It’s quite easy to intentionally write a program that would continuously overwrite a block of flash until it failed. Robert Graham, Hacking Flash Memory

At my previous employer, we found vulnerabilities in Cisco routers that would potentially allow us to create a worm. As part of our threat modeling, we considered what would happen if such a worm were to intentionally destroy the flash in a Cisco router. These routers boot from flash, so all the worm had to do was continuously overwrite the boot sector, then the router would no longer be able to boot. The flash in many (if not most) Cisco routers is soldered in. Therefore, destroying the flash would “brick” the device.

If you “brick” a device, that’s like “toasting” a device. You break it. Permanently. It’s toast. It’s a brick.