B0rked into a brick.

May 20, 2008

As if EuSecWest wasn't going to be interesting enough this week, another hardware attack has been discovered. This one is arguably nastier because it could conceivably cost the user quite a bit of money if someone hoses equipment by forcing a bad firmware flash. Rich Smith, who is the head of research into offensive technologies and threats at the HP Systems Security Lab (you know, they really could have come up with a more ominous name for their outfit), has developed a method by which an attacker can cause a permanent denial of service on a unit. The attacker finds vulnerabilities in the protocol used to update the firmware (usually TFTP, but there are others) and then causes a crash partway through the firmware image loading process. Bad or missing firmware usually means a bricked device, but sometimes there are ways to recover from such a problem. Either way, however, a network that's been hit is looking at replacement fees or annoyingly high amounts of time to recover from an attack.