Lock your doors and windows: even SD cards aren't safe these days
31st Dec 2013 | 22:48
Security researchers discover new vulnerability
Is nothing sacred?
A pair of security researchers has discovered a way that malicious parties might access innocent computer users' data using simple and common SD cards.
Andrew "bunnie" Huang and Sean "xobs" Cross described their findings during a Chaos Compute Club Congress talk and in a blog post, and they have us worried.
They revealed that enterprising hackers (like themselves, but evil!) might alter an SD card's firmware to transform it into a "man-in-the-middle" type of malware device.
Huang explained that SD cards have microcontrollers with their own firmware so that engineers can code in tricks to ensure they have acceptable rates of data retention, despite their imperfections.
But firmware can be altered, and some, if not all, SD cards have little to no security, the researchers discovered.
"On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else," Huang wrote on his blog.
"On the light side, it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers."
Oh, thank goodness - at least there's a silver lining.