Overheard: Word of the Day

May 21 2008   1:21PM GMT

Overheard: Why would anyone want to attack the firmware?

Margaret Rouse Margaret Rouse Profile: Margaret Rouse

dept_justice.jpg The danger with embedded devices is that they are often forgotten. They don’t always get patched or audited, and they can contain application-level vulnerabilities, such as flaws in the remote management interface that leave the door open for an attacker.

Rich Smith as quoted in Permanent Denial-of-Service Attack Sabotages Hardware

We aren’t seeing the PDOS attack as a way to mask another attack, such as malware insertion, but as a logical and highly destructive extension of the DDOS [dedicated denial of service] criminal extortion tactics seen in use today.

So this is about corporate sabatoge? Or criminals wiping out a few routers and extorting money for keeping the rest of the company’s network operational? Wow.  Sounds like a good plot for a John Grisham book. 

Rich Smith (HP System Security Lab)  has even come up with a cool name for the attacks: phlashing.  And the fuzzing tool he developedfor either launching an attack or detecting vulnerabilities? PhlashDance. 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: