Comments on: Phlashing denial of service attack, the new hype

By: services

services — Sat, 31 Oct 2009 05:49:13 +0000

I never heard about PDOS attack before, thanks for sharing..

By: beakmyn

beakmyn — Wed, 21 May 2008 22:18:31 +0000

Robert Graham talked about this very thing.
http://erratasec.blogspot.com/2008/01/hacking-flash-memory.html

By: hkm

hkm — Wed, 21 May 2008 20:23:59 +0000

Nice, now it has a name. This can also be done via CSRF to popular ISP provided home routers, home users cant bring a router back to life.

By: Wolf

Wolf — Wed, 21 May 2008 16:57:51 +0000

phnoty:

more reliably, you could take the origional firmware, hex edit it a bit, then flash it on normally.

Me and an admin were thinking about doing this to a rouge DHCP on his network, but decided it was too evil, and just changed its settings, and password, then turned off the port it was connected too.

By: phnoty

phnoty — Wed, 21 May 2008 12:41:59 +0000

Hmm say you were to crack “someone’s” wep/wpa AP if it’s wireless and if it wasnt already unproteced,
log in to there router strat a firmware upgrade and turn off there power half way through would that work the same way ?

By: cokebottle

cokebottle — Wed, 21 May 2008 03:33:23 +0000

been there done that unintentionally almost owed the compsci department a new router dident ask how much it would have cost me. having said that, its really not all to hard to unbrick routers.

By: cde

cde — Wed, 21 May 2008 02:48:38 +0000

You are my competition. I destroy your web presence. I make more money by being the only one up and running.

There's your profit motive.

(Or in Lol: Ur mah competizion. I has set u up the bomb. Lol.)

By: Mike Stiber

Mike Stiber — Wed, 21 May 2008 00:34:29 +0000

Seems like a good way to spread chaos with relatively little effort or risk. Just develop the software infrastructure — and relatively small hardware infrastructure — to scan for unsecured devices and brick them. I wonder how many police surveillance cameras can be remotely flashed, for example?

By: Solenoidclock

Solenoidclock — Tue, 20 May 2008 23:57:36 +0000

I’ve cringed at viruses that go after your BIOS, but this is just too cool. Also, since when does this not pose a threat? Correct me if I’m wrong, wouldn’t complete control over the firmware offer you complete control of a device’s behavior? You could peer around encryption, route packets, selectively deny access around a network, and so much more.

By: Jesse Krembs

Jesse Krembs — Tue, 20 May 2008 23:46:04 +0000

Well this is pretty handy attack if, your not thinking commercially. If say my goal is to ruin your ability to operate on the internet and I can brick all your edge routers, I’d say it works for me. Not everything has a direct profit motive.