Search This Blog

Hacking SD Card to execute malicious code

A tiny computer : SD Cards have built-in Micro controllers that can be used by hackers to run malicious code, perform Man in the Middle attack
A SD Card is not just a memory storage device, it also has a built-in micro controllers.  That sounds good, isn't it? But researchers say it is not.

Two hardware hackers Bunnie and Xobs gave a talk on hacking the MicroSD cards at Chaos Computer Congress (30C3).  The researchers say SD cards are vulnerable to arbitrary code execution.

In a blog post, Bunnie said SD cards have built-in micro controller typically a heavily modified 8051 or ARM CPU.  The reason why there is micro controller inside SD Cards is because it is cheaper than thoroughly testing to make sure it's a flawless.  These micro controllers can be used for both good and bad purposes.

On the dark side, attackers can run malicious code to perform a perfect Man in the Middle (MITM) attack that could be difficult to detect.
"There is no standard protocol or method to inspect and attest to the contents of the code running on the memory card’s micro controller." Researcher said in his blog.

On the good side, these SD cards can be used as Micro controllers for simple projects as it is very cheap and powerful.
Share it: