What’s Phlash?




Phlashing is a dangerous technique that can permanently disable hardware by loading corrupted firmware. It exploits the vulnerability of electronics that rely on firmware updates, which often have poor security protocols. Phlashing can be used for revenge or as a permanent denial of service attack, and could potentially take over hardware for remote access. To protect consumers and the industry, less vulnerable firmware should be developed.

Phlashing is a technique that can be used to permanently disable hardware by loading a corrupted BIOS on the hardware. In a simple phlash example, a digital camera could be rendered unusable by destroying the firmware used to run the camera. A demonstration of phlash was performed for security professionals in May 2008, illustrating the potential dangers of this technique, although many professionals were skeptical about whether or not phlash would be used in the wild.

This technique relies on the fact that electronics such as computers, routers, cameras, scanners, and other peripherals rely on firmware to run, and that firmware needs to be updated periodically. As a result, manufacturers set up their equipment in such a way that it is easy to update the firmware, and in many cases there are poor security protocols in place, leaving the electronics vulnerable to attack.

When someone updates the firmware on a device, it’s known as “flashing,” and the word “phlashing” clearly comes from the more legitimate sense of firmware updates. As anyone who has updated firmware knows, flashing can be a risky business, as any interruption to the process can damage the hardware, rendering it unusable. When something is phlashed, the bricking would be intentional.

In terms of hacking tools, phlash isn’t very effective, unless the goal is to get revenge. Some security professionals have suggested that phlash could be used by bad actors, for example, or by hackers who have attempted to take down a server with a denial of service attack. Phlashing is sometimes referred to as a “permanent denial of service attack” in reference to this, as destroying vital hardware such as routers and servers would definitely result in a disruption of service.

Phlashing could also potentially be used to take over a piece of hardware, by updating it with firmware that allows for easy remote access. This could create a serious security breach, especially if the hardware involved was a server or router, as large amounts of sensitive information pass through servers and routers.

In response to the phlash threat, organizations concerned with electronic security have suggested that it may be time to develop less vulnerable firmware to protect consumers and the industry at large.
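
One way the less vulnerable update path suggested above could behave, as an added example that is not from the original article: the device authenticates an image before touching flash and stages it in a spare slot, so a corrupted, truncated, or older image never replaces the running firmware. The image layout, key, and all names are constructed for illustration, and the standard-library HMAC stands in for the vendor public-key signature a real device would verify.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption for this example, not a real vendor format):
#   magic "FWIM" | version u32 | payload length u32 | payload | 32-byte HMAC-SHA256 tag
HEADER = struct.Struct(">4sII")
TAG_LEN = 32
DEVICE_KEY = b"constructed-demo-key"  # stand-in; real devices verify a vendor signature


def build_image(version, payload, key=DEVICE_KEY):
    """Vendor side: pack header and payload, then append the authentication tag."""
    body = HEADER.pack(b"FWIM", version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_image(image, current_version, key=DEVICE_KEY):
    """Device side: return (ok, reason) before anything is written to flash."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad tag"
    magic, version, length = HEADER.unpack_from(body)
    if magic != b"FWIM" or length != len(body) - HEADER.size:
        return False, "bad header"
    if version <= current_version:  # refuse downgrades to older firmware
        return False, "rollback"
    return True, "ok"


class Device:
    """Two-slot device: an update lands in the inactive slot, the active one is untouched."""

    def __init__(self, version, payload):
        self.slots = [payload, b""]
        self.active, self.version = 0, version

    def apply_update(self, image):
        ok, reason = check_image(image, self.version)
        if not ok:
            return reason  # running firmware is left exactly as it was
        _, version, length = HEADER.unpack_from(image)
        spare = 1 - self.active
        self.slots[spare] = image[HEADER.size:HEADER.size + length]
        self.active, self.version = spare, version  # switch only after a verified write
        return "ok"
```
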



