Showing results for 
Search instead for 
Did you mean: 

Hackers demonstrate firmware vulnerability in SD cards

Silver VIP

Hackers demonstrate firmware vulnerability in SD cards

A team comprised of Sean "xobs" Cross and Xbox hacker Andrew "bunnie" Huang has demonstrated an exploit that allows SD memory cards to be used for man-in-the-middle attacks. Rather than relying on software residing in the SD card's regular pool of user-accessible flash memory, the exploit allows malicious code to be injected directly into the device's firmware. That firmware governs how SD cards and other NAND-based devices manage their flash memory, giving it access to the onboard microcontroller in addition to all incoming and outgoing data.

The exploit was demonstrated with SD cards based on a flash controller from Appotech, but Huang says all "managed NAND" devices could be vulnerable, including SSDs and USB thumb drives. The problem seems to be a lack of security surrounding the firmware update process for flash controllers. More details are available in an hour-long presentation given during the Chaos Computer Congress:


Full Topic  beta_tester_transparent.png

Luminary Signature.png

2016-07-18_12-11-32.png  Microsoft® Windows Insider MVP - Windows Security