Category: 

What is Phlashing?

Phlashing disables the firmware on a piece of hardware, like a router.
Phlashing isn't considered a particularly effective hacking tool.
Article Details
  • Written By: Mary McMahon
  • Edited By: Bronwyn Harris
  • Last Modified Date: 22 August 2014
  • Copyright Protected:
    2003-2014
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
A worker bee produces one-twelfth of a teaspoon (0.4 mL) of honey in its lifetime.  more...

August 31 ,  1897 :  Thomas Edison patented the first movie projector.  more...

Phlashing is a technique which can be used to permanently disable hardware by loading a corrupted BIOS onto the hardware. In a simple example of phlashing, a digital camera could be rendered inoperable by destroying the firmware which is used to run the camera. A phlashing demonstration was performed for security professionals in May 2008, illustrating the potential dangers of this technique, although many professionals were skeptical about whether or not phlashing would actually be used in the wild.

This technique relies on the fact that electronics like computers, routers, cameras, scanners, and other peripherals rely on firmware to run, and such firmware needs to be updated periodically. As a result, manufacturers set their equipment up in such a way that it is easy to update the firmware, and in many cases poor security protocols are in place, leaving the electronics vulnerable to attack.

When someone updates the firmware on a device, it is known as “flashing,” and the word “phlashing” is clearly derived from the more legitimate sense of firmware updates. As anyone who has upgraded firmware knows, flashing can be a dicey business, as any interruption in the process can brick the hardware, rendering it inoperable. When something is phlashed, the bricking would be deliberate.

Ad

In terms of hacking tools, phlashing isn't terribly effective, unless the goal is to get revenge. Some security professionals have suggested that phlashing could be used by griefers, for example, or by hackers who attempted to bring down a server with a Denial of Service Attack first. Phlashing is sometimes referred to as a “Permanent Denial of Service Attack,” in a reference to this, as the destruction of vital hardware like routers and servers would certainly result in an interruption of service.

Phlashing could also potentially be used to take over a piece of hardware, by updating firmware which allowed for easy remote access. This could create a major security breach, especially if the hardware involved was a server or router, as large amounts of sensitive information passes through servers and routers.

In response to the threat of phlashing, organizations concerned with electronic security have suggested that it may be time to develop less vulnerable firmware to protect consumers and the industry in general.

Ad

Discuss this Article

Post your comments

Post Anonymously

Login

username
password
forgot password?

Register

username
password
confirm
email