Put simply, a Permanent Denial of Service (aka PDoS) attack is a hack that intentionally causes physical damage to a device.
WHY WOULD SOMEONE PDoS?
DoS stands for “Denial of Service” and usually that means an attacker wants to temporarily block access to your system so they can extract money from you. PDoS attacks are by definition permanent, so why would someone do that to you?
1 – Governments & Corporate Competitors
Governments and your competitors are not likely interested in extorting money from you, but they are interested in damaging your progress. If this interests you, the second half of this documentary provides a fascinating insight into how the NSA, CIA, US Cyber Command, Mossad and others developed, released and lost control of the world's first giant cyberwarfare attack:
- The US Government has been accused of (and has 99% admitted to) slowing down the Iranian nuclear program in 2010 by making its centrifuges spin too fast using malware called Stuxnet
- There have been rumours that Huawei has planted malicious firmware to take out competitor computers to slow down their research and development projects
2 – Disgruntled Staff
If a current or former staff member is angry with you and they have some technical skills, particularly if they have detailed knowledge of your devices and upgrading procedures, they could schedule corrupted firmware upgrades to run off hours, killing hundreds or thousands of devices in a single night.
3 – Anarchists
Some people just like causing problems for others. Petya is a famous recent example of malware that was largely used just to be annoying. However, nearly all early computer viruses were destructive (although most did not meet the PDoS threshold) and were set loose on the world by people who just wanted to see what would happen.
The following is a real call to arms titled “Attack with COVID-19” from an electronic anarchist group:
“…Sabotage flows of capital, both online and offline; Steal ruthlessly, share selflessly; Death to all which stands in the way of freedom; Long Live Anarchy” SOURCE
4 – Ethical Hackers (aka Hacktivists)
There are those that have fundamental differences of opinion with companies and think that they must stop them in any way they can. Consider some of the more radical situations:
- ISIS / ISIL vs the Catholic Church
- People for the Ethical Treatment of Animals (PETA) vs any of the large cosmetic companies
- Greenpeace vs oil companies
IS THERE A GOOD REASON TO PDoS?
There are, however, a few situations where PDoS attacks are done for good reason.
1 – Stolen or Lost Hardware
It is very important to most companies that their HR information, processes, schematics, future plans, sales details, client lists, accounting data and other files not be leaked outside their company, so some security firms provide management tools that allow administrators to intentionally damage (aka ‘brick’) lost or stolen hardware. For instance, Computrace LoJack worked with hardware vendors like Intel, HP and Dell to install physical components on motherboards that will remotely kill the devices if an administrator requests it.
2 – Discourage Hackers / Crackers
Many people have “bricked” their cell phone by attempting to install faulty pre-release operating systems (like iOS and Android). Apple in particular seems to not like users making changes to their devices and has been accused of putting fake (and damaging) firmware upgrades onto black sites.
HOW CAN A PDoS ATTACK BE ACHIEVED?
PDoS attacks are accomplished in three common ways:
1 – IN PERSON ATTACK, LIKE WITH A USB STICK
If someone has physical access to your devices they could pour water into them or smash them, but a much more subtle approach is less likely to end up in prosecution. An inexpensive special purpose USB stick could contain hardware that overloads and then blows up the circuitry of a computer, cell phone, switch, industrial equipment, router, firewall or even a car.
The video below shows a number of devices being fried by an off the shelf USB Killer product. It can be inserted into any type of USB port, HDMI port, Lightning port or RJ45 (network) port, and the latest version even has a remote control and app so the attacker does not have to be in front of the computer.
If someone does not have access to your physical devices, they can easily fool your staff into plugging such malicious devices into their computers. If you found a USB stick on the ground of your corporate parking lot, you are most likely to take it inside and plug it in to see what is on it… booooom!
2 – CORRUPTED FIRMWARE (aka PHLASHING)
You are familiar with hardware and software but all (slight exaggeration) electronic systems have middle-ware that tells the software what the hardware is capable of. If that middle-ware is damaged, the device will not operate.
You have likely heard of “bricking” a device; that means turning it into a useless chunk of electronics by damaging the firmware so the hardware and software don’t work together. If someone installs corrupted firmware onto your cell, PC, industrial machines… those devices are unlikely to be recoverable and, at the very least, the electronics will need to be replaced.
If you want to use the next version of iOS on your Apple iPhone or of Android on your Samsung Galaxy cell phone, you may be tempted to download a hacked version from the internet; I certainly have. The problem is that those versions are not supported by Apple or Samsung, and to install them you need to ‘crack’ your phone to give the new operating system access to your firmware, so if they damage your device you are on your own.
There have been several critical BIOS / UEFI updates required by Dell, HP, Samsung and other major computer manufacturers in recent years to deal with serious flaws in Intel CPUs. Most companies update their users’ BIOSes using remote tools, so if an administrator can be convinced to install a malicious / corrupt BIOS upgrade, a lot of damage can be done. When these updates are done properly it is called “flashing the BIOS”; when these updates are done maliciously it is called “phlashing the BIOS”.
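The two firmware scenarios above (a malicious / corrupt BIOS upgrade pushed by remote tools, and upgrades scheduled off hours against the whole fleet) can both be stopped by a gate in front of the update tool. The sketch below is an added example, not code from any vendor's tooling; the function names, the 5% batch limit, the staffed-hours window and the sample image are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime

# Constructed sample: stand-in image and the digest a vendor would publish
# out-of-band (for example on its signed support page).
GOOD_IMAGE = b"BIOS-1.2.3" + bytes(64)
VENDOR_DIGESTS = {"bios-1.2.3.bin": hashlib.sha256(GOOD_IMAGE).hexdigest()}

MAX_BATCH_FRACTION = 0.05            # assumption: flash at most 5% of the fleet per job
CHANGE_WINDOW_HOURS = range(9, 17)   # assumption: only while staff can watch for failures


def image_is_trusted(name, data, digests=VENDOR_DIGESTS):
    """True only if the image bytes hash to the vendor-published digest."""
    expected = digests.get(name)
    if expected is None:
        return False                 # unknown image names are rejected, not guessed
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


def review_rollout(name, data, targets, fleet_size, start, requester, approvers):
    """Return the reasons a firmware job must be blocked (empty list = allowed)."""
    reasons = []
    if not image_is_trusted(name, data):
        reasons.append("image digest not in vendor manifest")
    if start.weekday() >= 5 or start.hour not in CHANGE_WINDOW_HOURS:
        reasons.append("scheduled outside staffed change window")
    if len(targets) > max(1, int(fleet_size * MAX_BATCH_FRACTION)):
        reasons.append("batch exceeds staged-rollout limit")
    if not set(approvers) - {requester}:
        reasons.append("no independent approver")
    return reasons


if __name__ == "__main__":
    # Constructed job: tampered image, Saturday 02:00, half the fleet, self-approved.
    bad = review_rollout("bios-1.2.3.bin", GOOD_IMAGE + b"\x00",
                         [f"pc{i}" for i in range(500)], 1000,
                         datetime(2024, 3, 9, 2, 0), "alice", ["alice"])
    print("\n".join(bad))
```

A digest check only helps if the manifest comes from a channel the person submitting the job cannot edit; where the vendor signs its images, verify that signature as well.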
3 – MALICIOUS SOFTWARE
It is possible to have software overdrive your hardware to the point of failure. For instance, Dell has some software for tuning LCD screens that, if used maliciously, could permanently damage the screen.
Brickerbot is current malware that destroys the firmware of IoT devices (think internet connected webcams, thermostats, fridges…) rendering them garbage.
A system (cell phone, computer, industrial machine…) could be set to run beyond its limits during off times of the day when you are less likely to notice. It is possible to override the overheat protections on some systems, then drive them at full capacity until they overheat and physically, permanently fail.
Permanent Denial of Service (PDoS) attacks are real, easy and used in everything from cyberwarfare to random acts by Anarchists. You need to know that they exist and to at least consider their potential damage.