How to prevent server malware intrusion?

  
Malware that attacks computer hardware, in the style of Stuxnet, can ruin an entire enterprise by destroying the physical servers, network equipment and storage resources in its data centers. Unlike Stuxnet, this type of malware is not difficult to write.

This is the blunt warning Itzik Kotler issued at the Hack In The Box hacker conference held in Amsterdam last month. Kotler is the chief technology officer of Security Art, an information security company.

Such software attacks are classified as permanent denial-of-service (PDoS) attacks: they can seriously damage physical hardware, sometimes leaving it permanently unusable. The Stuxnet virus, which once attacked Iran's nuclear facilities, is so complex that many security companies believe it was produced by one or more government agencies rather than being a single hacker's personal work.

But that does not mean all PDoS attacks are difficult to create, Kotler said. "Think about it – we can turn devices such as iPods into 'bricks' when we try to jailbreak them," he pointed out. As early as the 2008 EUSecWest conference, Hewlett-Packard researcher Rich West said that network-attached storage, networking and security devices could easily be attacked by downloading malicious firmware onto their flash devices, rendering the hardware inoperable. For this reason, requiring manufacturers to digitally sign their device firmware updates has since come to be regarded as standard practice.

Device firmware and software are attacked in different ways because their inherent vulnerabilities differ. A server or router can be bricked by sending destructive malicious microcode to the CPU or by flooding the BIOS with junk data. Although a server BIOS can generally be restored to working order, Kotler pointed out, if 5,000 servers on the same network are attacked and bricked at once, the consequences for the enterprise will be disastrous. Other components that carry firmware, such as graphics cards, disk drives, high-end network cards and TCP offload engines (TOE), can also have that firmware corrupted by a malicious attack.

But how does software physically damage computer hardware? In fact, software attacks can easily destroy hardware, Kotler said. "We are used to malware damaging other software, but we overlook software's ability to control hardware. This means we can slowly destroy hardware by changing the software and running it. Similarly, we can use hardware that can be damaged directly to indirectly affect other hardware that is difficult to reach."

Malware can use several simple methods to damage our server hardware:

Overclocking: gaming enthusiasts often overclock their hardware to improve performance, but they know that an overclocked system must be backed by a powerful, efficient cooling system to carry away the excess heat overclocking generates. Overclocking through malware or tampering with BIOS settings comes with no additional cooling, and permanent damage to the CPU and memory follows. In that case, even if we replace the damaged components, the same problem will soon recur.

Overvoltage: overclocking and overvoltage are natural companions. By raising the motherboard's supply voltage, a component on it can easily be made to "hang", and it all happens in an instant. A small overvoltage causes the component's temperature to rise slightly, which in turn causes so-called electromigration. Over time this can damage CPU pins or memory modules and eventually crash the system. As with overclocking, replacing the faulty component is only a temporary fix, and the old problem will inevitably recur.

Overuse (mechanical): wear on mechanical parts and the heat generated in use gradually accumulate, and a hard disk drive can be damaged by excessive parking of, or reading and writing with, its heads. For example, the following command:

while true; do dd if=/dev/xxx of=/dev/xxx conv=notrunc; done

creates an infinite loop of disk read and write requests, which quickly overheats the server's hard disk drive and causes it to fail. Similarly:

hdparm -S1 /dev/xxx
while true; do sleep 60; dd if=/dev/random of=foobar count=1; done

The code above spins the hard drive down, waits a minute, spins it up and writes random data, then spins it down again, cycling back and forth. "Soon the hard drive will start to make abnormal noises, and the effect of the attack will show," Kotler said.

Overuse (electronic): flash memory has no moving parts, but it can be worn out by continuous writing. A single simple line of code achieves this:

dd if=/dev/urandom of=/dev/xxx

Once it fails, the flash can no longer store information reliably. On the surface this only costs us a USB flash drive, but the same phenomenon can have far more serious consequences. For example, if the failed flash memory is in a router, the router can no longer store its log files or receive updates, and our only choice is to replace the device.

Excessive power cycling: continuously power-cycling a system is a very basic attack, but it can produce all sorts of interesting results, Kotler said. This is because the temperature rises when the system is turned on and falls when it is turned off, and when the temperature is at an inflection point and the voltage at its peak, any unpredictable part of the system can be damaged.
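The spin-down cycling, continuous writing and power-cycling patterns described above all leave traces in a drive's SMART counters. The following detector, an added example that is not code from the article or from Kotler's talk, compares two SMART snapshots and flags abnormal hourly rates; the attribute IDs are standard ATA SMART IDs, while the thresholds and the sample readings are constructed assumptions.

```python
from dataclasses import dataclass

# Standard ATA SMART attribute IDs, as read via tools such as smartctl.
START_STOP_COUNT = 4        # spindle start/stop cycles (spin-down/spin-up loop)
POWER_CYCLE_COUNT = 12      # host power cycles (the "excessive cycles" attack)
LOAD_CYCLE_COUNT = 193      # head park/unpark cycles
TEMPERATURE_C = 194         # drive temperature in Celsius
TOTAL_LBAS_WRITTEN = 241    # cumulative sectors written (flash wear-out)

# Assumed per-hour limits; tune them to the fleet's normal baseline.
RATE_LIMITS = {
    START_STOP_COUNT: 6.0,
    POWER_CYCLE_COUNT: 2.0,
    LOAD_CYCLE_COUNT: 60.0,
    TOTAL_LBAS_WRITTEN: 2_000_000.0,   # ~1 GB/h of 512-byte sectors
}
TEMP_LIMIT_C = 55

@dataclass
class Snapshot:
    ts: float   # seconds since the epoch when the attributes were read
    raw: dict   # attribute id -> raw value

def smart_alerts(before: Snapshot, after: Snapshot) -> list:
    """Return one alert string per counter whose hourly rate, or per
    temperature reading, exceeds the assumed limits."""
    hours = (after.ts - before.ts) / 3600.0
    if hours <= 0:
        raise ValueError("snapshots must be in chronological order")
    alerts = []
    for attr, limit in RATE_LIMITS.items():
        if attr in before.raw and attr in after.raw:
            rate = (after.raw[attr] - before.raw[attr]) / hours
            if rate > limit:
                alerts.append(f"attr {attr}: {rate:.0f}/h exceeds {limit:.0f}/h")
    temp = after.raw.get(TEMPERATURE_C)
    if temp is not None and temp > TEMP_LIMIT_C:
        alerts.append(f"attr {TEMPERATURE_C}: {temp} C exceeds {TEMP_LIMIT_C} C")
    return alerts

# Constructed sample: the same drive one hour apart, while being spun down
# every minute and written to continuously, as in the loops above.
BASELINE = Snapshot(1_700_000_000.0, {4: 1200, 12: 300, 193: 5000, 194: 38, 241: 8_000_000_000})
ABUSED = Snapshot(1_700_003_600.0, {4: 1260, 12: 300, 193: 5100, 194: 61, 241: 8_050_000_000})

if __name__ == "__main__":
    for line in smart_alerts(BASELINE, ABUSED):
        print(line)
```

In a fleet, the two snapshots would come from successive scheduled smartctl runs, and an alert on many hosts at once is the signal that distinguishes an attack from a single ageing drive.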

Many companies around the world face distributed denial-of-service (DDoS) attacks large and small, and many have suffered extortion on a huge scale. "Hacktivists", like other groups that use DDoS attacks for retaliation, insist that their actions are entirely justified.