This presentation intends to discuss a new class of attack termed Permanent Denial Of Service (PDOS) targeted against embedded devices. Specifically, a particular manifestation of PDOS will be discussed which targets the firmware update mechanisms of embedded devices, such abuses of flash update mechanisms to cause PDOS conditions have been named Phlash attacks (cuz every attack needs a u2018phu2019 right!). Phlash attacks targeting both the flash update mechanisms of devices, and the structuring of the binary firmware's themselves will be discussed in a generic way. The presentation will also discuss the development of a generic fuzzing framework called PhlashDance, which aims to assist in the automatic identification of PDOS vulnerabilities across an extensible range of embedded devices. Beyond the pure technicalities of how Phlash attacks may be mounted, the presentation will also discuss why such novel attack vectors will be of particular concern to technology vendors, and the difficulties being faced in responding to and mitigating such vulnerabilities.u6b64u6f14u8b1bu4ecbu7d39u4e00u7a2eu65b0u7a2eu985eu7684u653bu64cauff1au300cu6c38u4e45u6027DOS --uff08Permanent Denial Of Service (PDOS)u300duff0cu4e3bu8981u91ddu5c0du5d4cu5165u5f0fu7cfbu7d71u4e4bu8a2du5099u3002 u6211u5011u5c07u4ecbu7d39u4e00u7a2eu865fu7a31u70bau300cPhlashu300du4e4bPD Su653bu64cau624bu6cd5uff0cu4e3bu8981u5229u7528u97ccu9ad4u4e4bflashupdateu6a5fu5236uff0cu9054u6210PDOSu4e4bu76eeu7684u3002u6211u5011u5c07u91ddu5c0du5404u5d4cu5165u5f0fu7cfbu7d71u4e4b flashupdateu6a5fu5236u8207u97ccu9ad4u672cu8eabu7684u7d50u69cbu505au6df1u5165u7684u5206u6790uff0cu4e26u4ecbu7d39u4e00u500bu901au7528u7684u6a21u7ccau66b4u529bu5f0fu63a2u6e2cu5e73u53f0uff08genericfuzzingframeworkuff09PhlashDanceu3002 PhlashDanceu80fdu81eau52d5u5728u5404u5f0fu5404u6a23u4e0du540cu7684u5d4cu5165u5f0fu7cfbu7d71u4e2du627eu51faPDOSu6f0fu6d1e.u9664u4e86u4ecbu7d39u9019u4e9bu6280u8853u7d30u7bc0u4ee5u5916uff0cu6211u5011u4e5fu5c07u89e3u91cbuff0c u70bau4f55u9019u7a2eu65b0u578bu653bu64cau5fc5u9808u53d7u5230u5404u5ee0u5546uff08ITuff0cu624bu6a5fu8207u884cu52d5u88ddu7f6euff09u4e4bu95dcu5fc3uff0cu4ee5u53cau907fu514du6b64u7a2eu653bu64cau4e4bu7a2eu7a2eu56f0u96e3u8655.