Two Minutes to Midnight for Servers

21 05 2008

PDOS (Phlashing/Permanent Denial of Service) attacks have now entered the mainstream world. An article on Hackaday reveals this accidental discovery and the same stuff is also reported on Engadget. Although this isn’t anything new and it’s hard to execute remotely, it’s completely possible due to the pervasive nature of technology in our lives today. A standard DDoS (Denial of Service) attack shuts down websites or slows down your computer’s processes or network capabilities. The means are usually achieved by overflooding key components (CPU/RAM/etc) with large swaths of packets (data). They can also trigger recursive functions on older systems to cause a stack overflow without having to eat up bandwidth space on the network.

The vulnerability: Many devices nowadays allow for their firmwares to be updated from your couches. You no longer have to mail it to a service center or worse, buy an entirely new product for an updated software. Your Palm Pilots, phones (smart phones like Windows Mobile and Symbian devices), routers, etc are some more common instances. This procedure is known as “flashing” and is risky because if the update isn’t done right or if there is a hiccup on the network, it’s going to “brick” your device.

What do you mean by “brick”: When your electronic device is only as useful as a brick.

Why do you need to run firmware updates: Firmware updates are constantly provided by manufacturers to enhance your product’s usability and functions. They could affect anything from the user-interface to the support of additional hardware, new added functions, or provide greater efficiency and addressing bugs. Certain software might only work if you your firmware is at or greater than a certain level.

What PDOS does: Writes a corrupt firmware to complete the transformation of your device into the afore mentioned construction product. Owners of convergence devices (smart phones) need to remember to completely back up their data before flashing as we all know the risks involved.

How to prevent it: You would need to disable remote firmware updates. That option should be listed somewhere in the device’s settings section and if it’s not there, look up in the manuals because it should be. Other ways are to secure your routers and the use of strong passwords.


Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: