Hewlett Packard’s Systems Security Lab has detailed a new type of attack that impacts hardware rather than software. Exploiters, who are finding it harder and harder to find loopholes in software systems, are beginning to take advantage of an attack called phlashing. This attack, even though it has existed for a number of years, targets Network Enabled Embedded Devices (NEEDS).
These NEEDS are vulnerable because of a security flaw found within the actual hardware of the computer. Network enabled embedded devices have instructions called firmware for interfacing with other components. Firmware is written in computer-readable language that is extremely basic in nature. Exploits targeting this kind of language are not scannable by anti-virus programs because they exist at such a basic level.
The principal vector for this type of permanent denial of service (PDoS) is loading a corrupted BIOS (Basic Input/Output System) onto the computer. The corrupted BIOS ruins the hardware when it is turned on. Options for mitigating this attack are limited: your only option is to replace the hardware. Recently, reports have surfaced of counterfeited routers and other hardware being sold to the U.S. government and military. The fear is that malicious coders and criminals would load corrupted firmware onto these networked devices. If a company or government agency were to implement these corrupted devices into their network, it could possibly bring their entire network to its knees.
A big debate is surfacing concerning the likelihood that this kind of attack would be implemented by hackers. As my previous articles have highlighted, most hackers find it more efficient to hijack a computer to use as part of a virtual army in a botnet rather than render it useless with a virus. Additionally, the risk of being caught executing this kind of attack on companies is very high. Today, companies find it acceptable to guard against malware and phishing without too much involvement with law enforcement. Messing with the hardware infrastructure of a company is an expensive proposition, making the attackers a prime target for investigators. The way I figure it, most criminals would prefer to stay out of reach of the long arm of the law.
Even if PDoS attacks don’t become a prevalent attack vector for exploiters and hackers, researchers at HP note that it reflects the ongoing diversification of malware. It is possible that the evolution of attacks such as these will one day denote a shift in common attack strategies. The researchers suggest that system engineers and administrators include protecting against this type of attack in their network topology. Defense in depth techniques could be strengthened with this type of attack in mind.