Can A Cyberattack Cause Physical Damage To Your Hardware?

Justin Pot 11-03-2015

Hackers and malware have shut down nuclear centrifuges in Iran and severely damaged a German steel mill. Could the same approach cause physical damage to your computer?


It’s almost impossible, whatever you might read in The Weekly World News.


Let’s be clear: your computer can’t become a bomb – there’s nothing in it that could explode. The worst case scenario is a small fire, but even that is so unlikely it’s not worth worrying about.

Let’s go over why.

Hacking Can Cause Real-World Destruction

A lot of people missed it in the midst of the Sony/Seth Rogan/North Korea hackstravaganza, but December saw a piece of shocking security news: hackers causing significant damage to a German steel mill. Someone found a way to control the plant’s equipment, preventing people on site from shutting down a blast furnace. There was “massive damage”, according to the German government.


And then there’s Stuxnet.

This intricate virus is widely believed to be the creation of US and/or Isreali intelligence agencies. This piece of malware spread throughout the Middle East on flash drives, before hitting its intended target: Iranian nuclear centrifuges. The virus spun these so fast that they broke. Reportedly, one out of five centrifuges in Iran was destroyed by Stuxnet.

Stories like this show it’s possible for cyberattacks to have real-world consequences, if the computers in question are connected to vulnerable infrastructure.

But what about home computers themselves? Could they be physically damaged?


How Could Software Cause Physical Damage?

It’s easy to understand how, say, a sledge hammer could cause physical damage to your computer. But a piece of software?

It’s possible, in theory, but it would mean bypassing a number of levels of security. Here are a few things that could work (though note that none have ever happened on a modern computer).

  • Over-Exerting the CPU could spike temperatures, which can eventually damage the CPU. Of course, fans in your computer help cool the CPU down, and most CPUs are designed to shut off when they reach a dangerously high temperatures (thermal shutdown). Any such attack would need to be pretty sophisticated, to say the least.
  • Over-Exerting the GPU could also work in theory, with the same caveats as the GPU.
  • Flashing the BIOS and/or firmware could effectively brick your computer’s motherboard, making your computer impossible to turn on (but otherwise leaving it undamaged).

There are other possibilities, most even more remote than these. If all of this sounds scary, don’t panic: none of this has ever actually happened.

Could This Happen to You?

To repeat: so far as we know, no malware or cyberattack in the wild has aimed to physically damage home or office computer systems. This is not something you need to spend a lot of time worrying about.


Having said that: is such an attack possible, even in theory?

CrowdStrike, a security vendor, says yes. At this year’s RSA Conference that company demonstrated a way to disable cooling fans while spiking the CPU of a Mac running OS X. (Windows fans, I’m sure you’ll have fun with this in the comments, but note that this is theoretically possible on PCs as well.)

“We can actually set the machine on fire,” said Dmitri Alperovitch, CrowdStrike CTO.



Again, don’t panic. This is an effective demonstration that’s likely to get a lot of attention, but it’s also pretty unlikely to happen to home computer users. The exploit requires completely replacing the Mac’s firmware, which controls every aspect of the hardware. This meant offering a fake Mac firmware update and convincing the user to install it (though I’ve had trouble finding details either way).

But even if someone figured out how to pull all of this off, it’s hard to work out a motivation for doing so.

Why Would Anyone Bother?

The people who create malware, and hack computers, generally aren’t doing it just to spread chaos. At this point in history, most of them are hoping to take advantage of your information for profit.


Maybe they want to turn your computer into a zombie Is Your PC A Zombie? And What's a Zombie Computer, Anyway? [MakeUseOf Explains] Have you ever wondered where all of the Internet spam comes from? You probably receive hundreds of spam-filtered junk emails every day. Does that mean there are hundreds and thousands of people out there, sitting... Read More , as part of a botnet for their own purposes. Maybe they want to steal your identity Medical ID Theft: How Scammers Use Records To Steal Your Identity Read More , by digging through your files and finding personal information. Maybe they’re hoping to steal BitCoins How to Spend and Store Bitcoins Safely, Easily, and for Free Read More .

Whatever it is an attacker is hoping to accomplish, they can’t do it if your computer is broken. This, combined with how difficult any attack causing physical damage would be to pull off, means we’re unlikely to see anything like this in the wild any time soon.

Threat to The Internet of Things?

Stuxnet didn’t destroy computers – it exploited computers that were attached to centrifuges, and destroyed them. In the same way, it’s really unlikely for any virus to attempt to destroy your computer, but hackers might someday go after the objects connected to it. This is why The Internet of Things could turn out to be a security nightmare Why The Internet of Things Is The Biggest Security Nightmare One day, you arrive home from work to discover that your cloud-enabled home security system has been breached. How could this happen? With Internet of Things (IoT), you could find out the hard way. Read More . For example: we’ve already seen attackers create malware for toy quadcopters Quadcopter Malware Proves Connected Toys Are A Security Risk We've recently learned that malware has been introduced to a quadcopter toy, a revelation that has left security-conscious parents concerned. Read More .

Targets like these are probably more likely than your computer, at least in my opinion. But I want to know what you think: are you worried about security problems resulting in physical damage? Let’s talk about it in the comments below.

Image Credits: burning laptop Via Shutterstock

Related topics: Anti-Malware, Internet of Things, Online Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Jeremy
    October 9, 2016 at 1:13 am

    Stuxnet is the most complex malware, So a much more simpler one is the CIH Virus, also known as Chenorbyl Virus, What it does is first fills the boot drive with 1024KB of 1s and 0s then attacks certain BIOS making a host computer, inoperable 60 million computers were believed to be infected by the virus internationally, resulting in an estimated $1 billion US dollars in commercial damages, the creator of the malware is now a chief executive officer, and founder of 8tory

  2. manuel amoros
    February 10, 2016 at 10:24 pm

    my screen and key boars stop and a voice tell me that I have a virus to call a 888... phone to clean it, I call they want $ 250 to clean the virus I disconet the laptop for 24 hours they unlock the coputer nex time they lock the key boart after the screen the power and the lapton don't work, is my second laptop they damage, the cheap new I buy I get the same, I will chain the ip address address to solve this problem , I call the FBI and they know about these people but they move and change the phone number, any one can help ?

    • Mike
      April 14, 2018 at 3:31 pm

      How do you chain your IP address? I will say, unfortunately these scammers get our information by our IP address which gives our name phone number, street address, etc. I am looking into changing my IP address information. So if I use a fake name/address on my IP address and somebody calls me and asks to speak to my fake name....I will know they are a scammer who got "my information" from my ISP address. Is this what you meant by chaining your IP address?

  3. PatL
    March 12, 2015 at 3:56 pm

    My hard drive and external drive both failed the same day, so I always wondered if it was an attack. I pulled in an older drive which worked fine, so I don't think it was the motherboard.

    • Justin Pot
      March 12, 2015 at 9:15 pm

      It's probably a coincidence!

  4. Gonzo
    March 12, 2015 at 2:12 pm

    Nothing really new here...

    Back in the 90s, there was at least one (and I'm sure others) virus with such capability:
    CIH (a.k.a. Chernobyl), which could (among other things) write to some BIOSes, making them useless, forcing the user to have to replace the motherboard.

    Nowadays there's a lot more protection for the kind of attack CIH could do; however there's also more tools and access to (as stated in the article) do overclocking and controlling the computer fans, among other things, so it's really no surprise.

    • Ryan Dube
      March 16, 2015 at 4:38 pm

      That may be true, but devices (and especially manufacturing/control systems) were never as interconnected and accessible from the "outside" as they are today. For all of the convenience of the cloud - the world introduces itself to much greater threats. That's "what's new here".

    • Jeremy
      October 9, 2016 at 1:18 am

      It also fills the first 1024 Kilobytes of the boot drive with 1s and 0s and it also has another name (not the file name of the malware) which is Spacefiller, it fills itself on the empty spaces of files without changing file size, making it hard to detect.

      It's hard to be infected with CIH today, because it infects Windows 9X and the awareness of it, It also has diffrent variants, it even merged with the ILOVEYOU Worm

  5. Richard Hopkins
    March 12, 2015 at 7:48 am

    Whilst I agree with your comments in principle, there are people out there who are malicious enough to attempt to cause chaos and damage just for the hell of it.

    Where any autonomous or remotely accessed device can be re-programmed there is a threat that some malign individual will try to mess with it - take the article in the news about pacemakers recently - ideal for a broad sweeping terrorist attack for example.

    We'll be burning chrome before we know it...

    • Justin Pot
      March 12, 2015 at 3:31 pm

      I suppose there are people who would just like to see the world burn, but another problem with malware that destroys the computer its on is that it can't propagate after doing so. That could be worked around with just a delay, though, so what do I know?