Huang: On Hacking MicroSD Cards
Huang: On Hacking MicroSD Cards
[Security] Posted Dec 29, 2013 21:03 UTC (Sun) by corbet
Worth a read: this
posting by Andrew "bunnie" Huang on loading new firmware into a MicroSD
card. "From the security perspective, our findings indicate that
even though memory cards look inert, they run a body of code that can be
modified to perform a class of MITM attacks that could be difficult to
detect; there is no standard protocol or method to inspect and attest to
the contents of the code running on the memory card’s
microcontroller. Those in high-risk, high-sensitivity situations should
assume that a 'secure-erase' of a card is insufficient to guarantee the
complete erasure of sensitive data.
"