Overheard in the tech blogosphere » Firmware http://itknowledgeexchange.techtarget.com/overheard A Whatis.com blog Tue, 19 Feb 2013 14:32:17 +0000 en-US hourly 1 Overheard: Why would anyone want to attack the firmware? http://itknowledgeexchange.techtarget.com/overheard/overheard-why-would-anyone-want-to-attack-the-firmware/ http://itknowledgeexchange.techtarget.com/overheard/overheard-why-would-anyone-want-to-attack-the-firmware/#comments Wed, 21 May 2008 13:21:31 +0000 Margaret Rouse http://itknowledgeexchange.techtarget.com/overheard/overheard-why-would-anyone-want-to-attack-the-firmware/ dept_justice.jpg The danger with embedded devices is that they are often forgotten. They don’t always get patched or audited, and they can contain application-level vulnerabilities, such as flaws in the remote management interface that leave the door open for an attacker.

Rich Smith as quoted in Permanent Denial-of-Service Attack Sabotages Hardware

We aren’t seeing the PDOS attack as a way to mask another attack, such as malware insertion, but as a logical and highly destructive extension of the DDOS [dedicated denial of service] criminal extortion tactics seen in use today.

So this is about corporate sabatoge? Or criminals wiping out a few routers and extorting money for keeping the rest of the company’s network operational? Wow.  Sounds like a good plot for a John Grisham book. 

Rich Smith (HP System Security Lab)  has even come up with a cool name for the attacks: phlashing.  And the fuzzing tool he developedfor either launching an attack or detecting vulnerabilities? PhlashDance. 

]]> http://itknowledgeexchange.techtarget.com/overheard/overheard-why-would-anyone-want-to-attack-the-firmware/feed/ 0