Linked by Thom Holwerda on Wed 1st Jan 2014 19:11 UTC, submitted by jockm
Privacy, Security, Encryption

Remember when I wrote about how your mobile phone runs two operating systems, one of which is a black box we know and understand little about, ripe for vulnerabilities? As many rightfully pointed out in the comments - it's not just mobile phones that have tiny processors for specific tasks embedded in them. As it turns out, memory cards have microprocessors though - and yes, they can be cracked for remote code execution too.

Today at the Chaos Computer Congress (30C3), xobs and I disclosed a finding that some SD cards contain vulnerabilities that allow arbitrary code execution - on the memory card itself. On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else. On the light side, it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers.

There's so much computing power hidden in the dark.

Permalink for comment 579794
To read all comments associated with this story, please click here.
RE: No surprises for me
by jockm on Thu 2nd Jan 2014 17:10 UTC in reply to "No surprises for me"
Member since:

No the point that there are embedded processors in flash memory isn't news. That has been known for a very long time.

The news is that they aren't locked down and are hackable.

That ATtiny4 runs a few orders of magnitude faster than your old Elf, but then the elf did come with 8x the RAM ;)

Reply Parent Score: 3