Posted by: Margaret Rouse
embedded systems, Firmware, Hardware, Security, Technology
|The danger with embedded devices is that they are often forgotten. They don’t always get patched or audited, and they can contain application-level vulnerabilities, such as flaws in the remote management interface that leave the door open for an attacker.
Rich Smith as quoted in Permanent Denial-of-Service Attack Sabotages Hardware
We aren’t seeing the PDOS attack as a way to mask another attack, such as malware insertion, but as a logical and highly destructive extension of the DDOS [dedicated denial of service] criminal extortion tactics seen in use today.
So this is about corporate sabatoge? Or criminals wiping out a few routers and extorting money for keeping the rest of the company’s network operational? Wow. Sounds like a good plot for a John Grisham book.
Rich Smith (HP System Security Lab) has even come up with a cool name for the attacks: phlashing. And the fuzzing tool he developedfor either launching an attack or detecting vulnerabilities? PhlashDance.