Google Play icon

30C3: SD card tricks can deliver MITM attacks

Share
Posted January 2, 2014
30C3: SD card tricks can deliver MITM attacks
Credit: bunniestudios
This year’s 30th Chaos Communication Congress (30C3) in Hamburg from December 27 to December 30 carried numerous informative presentations, including a reverse-engineering story about SD cards, which two investigators explored for malware potential. The presenters were identified as “bunnie” and “xobs,” taking center-stage to discuss their work. The presentation was titled ” The Exploration and Exploitation of an SD Memory Card.” (SD cards are the small flash-memory cards used to store data on phones, digital cameras and other portable devices.) As Gizmodoput it, “the next time you plug in an SD card, just remember that it’s actually a tiny computer of its own.” In short, some cards’ embedded microcontrollers can be exploited. The two found that some SD cards contain vulnerabilities that allow arbitrary code execution—on the memory card itself. They talked about reverse-engineering and loading code into the microcontroller within a SD memory card.

“All “managed FLASH” devices, such as SD, microSD, and SSD, contain an embedded controller to assist with the complex tasks necessary to create an abstraction of reliable, contiguous storage out of FLASH silicon that is fundamentally unreliable and unpredictably fragmented. This controller is an attack surface of interest.”

Read more at: Phys.org

Featured news from related categories:

Technology Org App
Google Play icon
84,820 science & technology articles

Most Popular Articles

  1. New Class of Painkillers Offers all the Benefits of Opioids, Minus the Side Effects and Addictiveness (2 days old)
  2. Top NASA Manager Says the 2024 Moon Landing by Astronauts might not Happen (September 19, 2019)
  3. How social media altered the good parenting ideal (September 4, 2019)
  4. What's the difference between offensive and defensive hand grenades? (September 26, 2019)
  5. Just How Feasible is a Warp Drive? (September 25, 2019)

Follow us

Facebook   Twitter   Pinterest   Tumblr   RSS   Newsletter via Email