DDoS Fire & Forget: PDoS – A Permanent Denial of Service
You no longer have to don an X-wing fighter or take a sledgehammer to a network to make the environment inoperable. A small but growing class of attacks called permanent denial-of-service (PDoS) can do that for you, and this tactic is being used more frequently to sabotage networks and exploit security flaws.
How Does a PDoS Attack Work?
A permanent denial-of-service (PDoS) attack, also known loosely as phlashing in some circles, is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. By exploiting security flaws or misconfigurations, PDoS can destroy the firmware and/or basic functions of a system. It contrasts with its well-known cousin, the distributed denial-of-service (DDoS) attack, which overloads systems with requests meant to saturate resources through unintended usage.
One way a PDoS attack accomplishes its damage is via remote or physical administration on the management interfaces of the victim’s hardware, such as routers, printers, or other networking hardware. In the case of firmware attacks, the attacker may use vulnerabilities to replace a device’s basic software with a modified, corrupt, or defective firmware image (a process which, when done legitimately, is known as flashing). This “bricks” the device, rendering it unusable for its original purpose until it can be repaired or replaced. Other attacks include overloading the battery or power systems.
Why Bother with Temporary Outages when you can Achieve Permanent?
Imagine a fast-moving bot attack that is not designed for collecting data but is instead used to prevent a victim’s technology from functioning at all. Think that’s crazy talk? Well, not really. PDoS has been around for a long time; however, it only shows itself spectacularly to the public from time to time. Let’s explore some examples of this heinous technique.
A recent article published by Help Net Security detailed how a new USB exploit can be inserted into a computer and leave it bricked. In fact, according to Help Net, the latest PDoS USB attack “when plugged into a computer … draws power from the device itself. With the help of a voltage converter, the device’s capacitors are charged to 220V, and it releases a negative electric surge into the USB port.”
Another example, covered in a 2008 article in Dark Reading, highlighted a tool uncovered by HP Labs called PhlashDance. This tool was leveraged to find vulnerabilities in the often forgotten firmware and binaries that sit locally on computing devices. The risk lies in the lack of patches and upgrades made to the devices.
The Dark Reading article goes on to say that “remotely abusing firmware update mechanisms with a phlashing attack, for instance, is basically a one-shot attack. Phlashing attacks can achieve the goal of disrupting service without ongoing expense to the attacker; once the firmware has been corrupted, no further action is required for the DOS condition to continue.”
Assessing Risks and Taking Action
The following behaviors and trends may increase the risk of a PDoS attack targeting your organization.
- Running a highly virtualized environment that leverages few hardware devices, but powerfully overloads software functions. One PDoS on the platform can create a disaster recovery situation at a minimum. This includes Software Defined Networks (SDNs).
- Organizations highly dependent on IoT. “Things” are highly susceptible to PDoS as they are often simple machines with little to no inherent security measures.
- Organizations with centralized security gateways. One powerful PDoS can punch a hole in your attack detection and mitigation capabilities.
- Organizations that are considered critical infrastructure.
The clear action to take is to conduct an assessment straight away of the type of technology you are running at or below the operating system level. Develop a clear understanding of the different firmware versions, binaries, chip-level software (like ASICs and FPGAs) and technology that is in use in your environment. Considerations should also be made for battery, power, and fan system vulnerabilities.
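One way to start that assessment is to rank a device inventory by the risk factors listed above. The following is an added example, not code from the original article; the CSV columns, device names, role labels and score weights are all constructed assumptions.

```python
import csv
import io

# Constructed sample inventory (not real devices); the column names are assumptions.
INVENTORY_CSV = """\
device,role,firmware,approved_firmware,mgmt_exposed
edge-fw-01,security_gateway,9.1.2,9.1.4,no
cam-lobby-07,iot,1.0.3,,yes
hv-host-02,virtualization_host,4.2.0,4.2.0,no
prn-3f-01,printer,2.5.1,2.7.0,yes
sw-core-01,switch,15.2.7,15.2.7,no
"""

# Roles the article names as raising PDoS impact; the weights are illustrative assumptions.
ROLE_WEIGHT = {"security_gateway": 3, "virtualization_host": 3, "iot": 2}

def parse_version(text):
    """Turn '15.2.7' into (15, 2, 7) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def assess(row):
    """Return (score, findings) for one inventory row."""
    findings = []
    score = ROLE_WEIGHT.get(row["role"], 1)
    if not row["approved_firmware"]:
        findings.append("no approved firmware baseline recorded")
        score += 2
    elif parse_version(row["firmware"]) < parse_version(row["approved_firmware"]):
        findings.append(f"firmware {row['firmware']} behind baseline {row['approved_firmware']}")
        score += 2
    if row["mgmt_exposed"] == "yes":
        findings.append("management interface reachable from untrusted networks")
        score += 3
    return score, findings

def audit(csv_text):
    """Rank devices that have findings, highest score first, then by name."""
    report = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        score, findings = assess(row)
        if findings:
            report.append((score, row["device"], findings))
    return sorted(report, key=lambda item: (-item[0], item[1]))

if __name__ == "__main__":
    for score, device, findings in audit(INVENTORY_CSV):
        print(f"{score:>2}  {device}: " + "; ".join(findings))
```

Devices with no recorded baseline are flagged rather than skipped, since unknown firmware is exactly the gap the assessment is meant to close.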
Assessing the likelihood and risk of a PDoS attack can help you take the necessary precautions and onboarding controls to protect your most critical assets. Education is an important step in evaluating your risk of PDoS and DDoS attacks, and the DDoS Handbook is an additional resource that can provide expert advice and actionable tools and tips to help detect and stop attacks.