Stuxnet-style malware that attacks computer hardware could put your company out of business by physically destroying the servers, networking equipment and storage resources in your data center. Unlike Stuxnet, however, this type of malware is easy to create.
Stuxnet-style malware that attacks computer hardware, physically destroying servers, networking equipment and storage resources in your data center, is easier to create than you might think. Learn how to stop it in its tracks.
That’s the stark warning Itzik Kotler issued at the HackInTheBox hacker convention in Amsterdam last month. Kotler is the chief technology officer of the information security company Security Art.
Software attacks that stop the physical hardware from ever working again are known as Permanent Denial of Service (PDoS) attacks. The Stuxnet virus — which attacked Iran’s nuclear facilities — was so complex that many security companies concluded it must have been the work of one or more government agencies rather than individual hackers.
But that doesn’t mean all PDoS attacks have to be difficult to devise, according to Kotler. “Think about it — you can ‘brick’ an iPhone or iPod accidentally when you try and jailbreak it,” he pointed out. Back in 2008 at EUSecWest, HP researcher Rich West demonstrated that NAS, security and networking appliances can be vulnerable to malware that downloads malicious firmware and flashes the appliance with it, rendering the hardware unusable. For that reason there has been a trend toward ensuring that appliance firmware updates are digitally signed by the manufacturer.
It’s not just appliances that are susceptible to “phlashing,” as flashing with deliberately defective software is known. You can brick a server or router by phlashing the CPU with damaged or malicious microcode, or by phlashing the BIOS with garbage. Although it is usually possible to reflash a server BIOS to get it working again, Kotler pointed out that if 5,000 servers on the same network had their BIOS phlashed at the same time, the consequences would still be devastating to the organization that was the victim of the attack. Other hardware, such as graphics cards, disk drives and high-end network interface cards with TCP Offload Engine (TOE), can also be permanently disabled by phlashing with damaged firmware.
But what about causing real physical damage to computer hardware? Software attacks can cripple hardware easily, Kotler said. “We are used to software damaging other software, but people forget that software controls hardware. That means you can alter software to make hardware perform operations that slowly damage it over time, and you can also make hardware damage other bits of hardware.”
Some simple ways that malicious software can damage your server hardware include:
while true; do dd if=/dev/xxx of=/dev/xxx conv=notrunc; done
creates an infinite loop of disk read and write requests, which will quickly cause a server hard drive to fail through heat damage, while:
hdparm -S 1 /dev/xxx
while true; sleep 60; dd if=/dev/random of=foobar count=1; done
will cause a hard drive to spin down, wait one minute, start up, write random information, and then spin down again in an infinite loop. “Pretty quickly, the hard drive will start to make uncomfortable noises and an attack like this will wear it out very quickly,” said Kotler.
dd if=/dev/urandom of=/dev/xxx
Once the flash memory fails, it will no longer be able to store information. While this is merely annoying in a USB flash drive, it could be a major failure issue if the flash memory in question is in a router, as it would no longer be able to store logs or receive updates and therefore must be replaced.
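The spin-down/spin-up loop described above cycles a drive about once a minute, which should leave a trace in the drive's own SMART counters. The following is an added monitoring example, not code from the article or from Kotler's talk: it compares two `smartctl -A` snapshots and flags drives whose start/stop or load-cycle counters climb faster than an assumed limit. The sample output, the 10-cycles-per-hour limit and the assumption that the drive reports these three attributes are all constructed for illustration.

```python
# Added example: flag abnormal spin-cycle rates from two `smartctl -A` snapshots.
WATCHED = ("Start_Stop_Count", "Load_Cycle_Count")
MAX_CYCLES_PER_HOUR = 10  # assumed alert limit; tune per drive fleet

def sample(start_stop, hours, load):
    """Build constructed `smartctl -A` table text (not real drive data)."""
    rows = [(4, "Start_Stop_Count", start_stop),
            (9, "Power_On_Hours", hours),
            (193, "Load_Cycle_Count", load)]
    head = "ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE\n"
    return head + "".join(
        f"{i:>3} {name:<23} 0x0032   100   100   000    Old_age   Always       -       {raw}\n"
        for i, name, raw in rows)

BEFORE = sample(1523, 10412, 3310)   # baseline snapshot
AFTER = sample(1581, 10413, 3368)    # one power-on hour later, 58 extra cycles
QUIET = sample(1523, 10413, 3312)    # one hour later on a healthy server

def parse_smart(text):
    """Return {attribute_name: raw_value} from the attribute table."""
    attrs = {}
    for line in text.splitlines():
        f = line.split()
        # Data rows start with a numeric ID and carry the raw value in column 10.
        if len(f) >= 10 and f[0].isdigit() and f[9].isdigit():
            attrs[f[1]] = int(f[9])
    return attrs

def cycle_rates(before, after):
    """Cycles per power-on hour for each watched counter between two snapshots."""
    a, b = parse_smart(before), parse_smart(after)
    hours = b["Power_On_Hours"] - a["Power_On_Hours"]
    if hours <= 0:
        raise ValueError("snapshots must be at least one power-on hour apart")
    return {n: (b[n] - a[n]) / hours for n in WATCHED if n in a and n in b}

def alerts(before, after, limit=MAX_CYCLES_PER_HOUR):
    """Names of watched counters whose hourly growth exceeds the limit."""
    return sorted(n for n, r in cycle_rates(before, after).items() if r > limit)

if __name__ == "__main__":
    print("suspicious:", alerts(BEFORE, AFTER))
    print("healthy:   ", alerts(BEFORE, QUIET))
```

In production the two snapshots would come from scheduled `smartctl -A` runs per drive rather than from the constructed strings used here.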
Many companies around the world are threatened with distributed denial of service (DDoS) attacks and blackmailed into handing over large sums of money. “Hacktivist” groups like Anonymous also use DDoS attacks to punish organizations that they feel deserve it.
Since there is little specific that companies can do to defend against PDoS attacks beyond using signed firmware updates when they are available, Kotler said he believes it may only be a matter of time before PDoS attacks become a more popular alternative.
Paul Rubens is a journalist based in Marlow on Thames, England. He has been programming, tinkering and generally sitting in front of computer screens since his first encounter with a DEC PDP-11 in 1979.