Vulnerabilities in SD Cards Can Be Exploited for MITM Attacks

Memory cards can be hacked

At the Chaos Communication Congress (30C3), researchers “bunnie” and “xobs” have revealed the existence of vulnerabilities in Secure Digital (SD) memory cards that can be exploited for arbitrary code execution.

The security holes in memory cards can be leveraged for man-in-the-middle (MITM) attacks. In addition, the flaws can be used by hardware enthusiasts to gain access to the microcontrollers integrated into such devices.

The researchers have performed their tests on products from AppoTech, particularly the AX211 and AX215 models. However, other brands might contain similar vulnerabilities.

“We discover a simple ‘knock’ sequence transmitted over manufacturer-reserved commands (namely, CMD63 followed by ‘A’,’P’,’P’,’O’) that drop the controller into a firmware loading mode. At this point, the card will accept the next 512 bytes and run it as code,” bunnie noted in a blog post published after their presentation.
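As an added example (not from the article or the researchers' code), the sketch below scans a captured SD command stream for the knock described above, so a bus capture can be checked for it. It assumes the capture has already been split into 6-byte host-to-card command frames and that the four characters travel as CMD63's 32-bit argument; the function names and the sample capture are constructed for illustration.

```python
# Added example, not from the original article or the researchers' code.
# Assumptions: frames are 6-byte host-to-card SD command frames taken from a
# bus capture, and 'A','P','P','O' is carried as CMD63's 32-bit argument.
KNOCK_CMD, KNOCK_ARG = 63, b"APPO"
VENDOR_CMDS = range(60, 64)  # CMD60-63 are manufacturer-reserved in the SD spec


def crc7(data: bytes) -> int:
    """CRC-7 (x^7 + x^3 + 1) that protects every SD command frame."""
    crc = 0
    for byte in data:
        for bit in range(7, -1, -1):
            feedback = ((crc >> 6) ^ (byte >> bit)) & 1
            crc = (crc << 1) & 0x7F
            if feedback:
                crc ^= 0x09
    return crc


def make_frame(cmd: int, arg: bytes) -> bytes:
    """Build a frame for the constructed sample capture below."""
    body = bytes([0x40 | cmd]) + arg
    return body + bytes([(crc7(body) << 1) | 1])


def parse_frame(frame: bytes):
    """Return (command index, argument), or None if the frame is malformed."""
    if len(frame) != 6 or (frame[0] & 0xC0) != 0x40 or not (frame[5] & 1):
        return None  # wrong length, start/direction bits, or end bit
    if crc7(frame[:5]) != frame[5] >> 1:
        return None  # corrupted or mis-sliced capture
    return frame[0] & 0x3F, frame[1:5]


def scan(frames):
    """List (index, label) for vendor commands seen in the capture."""
    findings = []
    for i, frame in enumerate(frames):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        cmd, arg = parsed
        if cmd == KNOCK_CMD and arg == KNOCK_ARG:
            findings.append((i, "AppoTech firmware-load knock"))
        elif cmd in VENDOR_CMDS:
            findings.append((i, f"vendor command CMD{cmd}"))
    return findings


# Constructed capture: reset, interface check, the knock, a block read.
SAMPLE = [make_frame(0, bytes(4)), make_frame(8, b"\x00\x00\x01\xaa"),
          make_frame(63, b"APPO"), make_frame(17, bytes(4))]
print(scan(SAMPLE))
```

Frames that fail the CRC-7 check are skipped rather than flagged, which keeps a mis-sliced capture from producing false hits.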

By reverse engineering the function-specific registers in the 8051 microcontroller, they’ve managed to create new applications even without access to documentation from the vendor.

It’s worth noting that the experts have used the open source hardware platform Novena and some custom flexible circuit adapter cards.

“From the security perspective, our findings indicate that even though memory cards look inert, they run a body of code that can be modified to perform a class of MITM attacks that could be difficult to detect; there is no standard protocol or method to inspect and attest to the contents of the code running on the memory card’s microcontroller,” bunnie added.

So what can users learn from all this? The most important lesson is that there’s no guarantee that by secure-erasing a card, the sensitive information that’s stored on it is completely deleted. This should be taken into consideration particularly in “high-risk, high-sensitivity situations.”

Experts recommend the physical destruction of memory cards to ensure that sensitive information is erased before disposing of them.

