Memory cards of all kinds are common place in data theft and hacking, tool kits installed on flash drives are a quick and effective way of stealing information from computers and of course there is also the fact that you can simply copy and pasta data to them, then stick the drive in your pocket. SD cards could soon be the worst offender as hardware Hacker Bunnie Huang details how the micro controllers and firmware of SD cards can be used maliciously.
Flash memory such as SD cards are over engineered to keep data retention at acceptable levels, all memory cards suffer from data loss and are riddled with flaws, but are design with algorithms that allow them to compensate. To do this, SD cards contain a micro controller and firmware, this firmware is often left unsecured and can be manipulated to create areas hidden storage areas that can mirror data, or could even be reprogrammed to become Arduino-esque open source micro-controller and memory systems.
“Today at the Chaos Computer Congress (30C3), xobs and I disclosed a finding that some SD cards contain vulnerabilities that allow arbitrary code execution — on the memory card itself. On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else. On the light side, it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers.”
Bunnie went into great detail on his site that details accessing the firmware.
Thank you Techcrunch for providing us with this information.
Image courtesy of Techcrunch.