Linked by Thom Holwerda on Wed 1st Jan 2014 19:11 UTC, submitted by jockm
Privacy, Security, Encryption

Remember when I wrote about how your mobile phone runs two operating systems, one of which is a black box we know and understand little about, ripe for vulnerabilities? As many rightfully pointed out in the comments - it's not just mobile phones that have tiny processors for specific tasks embedded in them. As it turns out, memory cards have microprocessors too - and yes, they can be cracked for remote code execution too.

Today at the Chaos Computer Congress (30C3), xobs and I disclosed a finding that some SD cards contain vulnerabilities that allow arbitrary code execution - on the memory card itself. On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else. On the light side, it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers.

There's so much computing power hidden in the dark.

RE[3]: Where's the story?
by DeepThought on Thu 2nd Jan 2014 11:26 UTC in reply to "RE[2]: Where's the story?"
DeepThought Member since:
2010-07-17

"It could silently infect executables as they are being read.

That's prevented by code signing - already standard on most mobile platforms and being quickly adopted everywhere else (e.g. OS X by default prevents non-signed apps from running)."

I am working in the embedded industry. And really none of our customers does anything to protect their machines from being hacked. Some use CRC but only to be sure the Flash code is still intact.

Score: 3

RE[4]: Where's the story?
by saso on Thu 2nd Jan 2014 13:23 in reply to "RE[3]: Where's the story?"
saso Member since:
2007-04-18

"I am working in the embedded industry. And really none of our customers does anything to protect their machines from being hacked. Some use CRC but only to be sure the Flash code is still intact."

What embedded industry would that be? I've worked with set-top-boxes w/ content-protection and in that space, signed bootloaders and signed kernels are standard. And by "mobile platforms" I meant the likes of Android, iOS, WP, etc.
Also, how would having the controller be more locked down and unflashable protect you from these kinds of attacks? If you hand your hardware to your adversary for manipulation, can't they just hand you a piece of hardware of their own with entirely custom firmware? Given direct hardware access, there's almost no limit to the attacks you can mount.

Score: 3

RE[5]: Where's the story?
by DeepThought on Fri 3rd Jan 2014 07:27 in reply to "RE[4]: Where's the story?"
DeepThought Member since:
2010-07-17

"What embedded industry would that be?"

Defense (*grin* these euphemisms), medicine, automation, railway.

"I've worked with set-top-boxes w/ content-protection and in that space, signed bootloaders and signed kernels are standard."

Yes, it seems engineers for consumer products add these things. But maybe beforehand to protect their product, not the customer :-)

Score: 2