12-30-2013 01:03 PM
A team comprised of Sean "xobs" Cross and Xbox hacker Andrew "bunnie" Huang has demonstrated an exploit that allows SD memory cards to be used for man-in-the-middle attacks. Rather than relying on software residing in the SD card's regular pool of user-accessible flash memory, the exploit allows malicious code to be injected directly into the device's firmware. That firmware governs how SD cards and other NAND-based devices manage their flash memory, giving it access to the onboard microcontroller in addition to all incoming and outgoing data.
The exploit was demonstrated with SD cards based on a flash controller from Appotech, but Huang says all "managed NAND" devices could be vulnerable, including SSDs and USB thumb drives. The problem seems to be a lack of security surrounding the firmware update process for flash controllers. More details are available in an hour-long presentation given during the Chaos Computer Congress: