Security researchers have found a way to hack SD Cards, the most common form of flash-memory cards used to store data mobile phones and digital cameras, and run software that intercepts data.
Andrew "bunnie" Huang and Sean "xobs" Cross disclosed the approach Sunday in a blog post and talk at the Chaos Computer Congress (30C3). With the attack, a person could run malicious software on the memory card itself.
The researchers have performed their tests on products from AppoTech, particularly the AX211 and AX 215 models. However, other brands might contain similar vulnerabilities.
“We discover a simple ‘knock’ sequence transmitted over manufacturer-reserved commands (namely, CMD63 followed by ‘A’,'P’,'P’,'O’) that drop the controller into a firmware loading mode. At this point, the card will accept the next 512 bytes and run it as code,” bunnie noted in a blog post published after their presentation.
While SD cards are admittedly I/O-limited, some clever hacking of the microcontroller in an SD card could make for a very economical and compact data logging solution for I2C- or SPI-based sensors,” Huang wrote in the blog.
By reverse engineering the function specific registers in the 8051 microcontroller, they’ve managed to create new applications even without access to documentation from the vendor.
In a man-in-the-middle attack, someone intercepts data that's being transferred from one location to another, potentially scrutinizing or modifying it.
Huang and Cross believe their attack could be used to secretly copy data, to modify sensitive data such as encryption keys, or to subvert authentication processes by substituting an unauthorized file for execution instead of the actual file that was authorized.
Andrew "bunnie" Huang and Sean "xobs" Cross disclosed the approach Sunday in a blog post and talk at the Chaos Computer Congress (30C3). With the attack, a person could run malicious software on the memory card itself.
The researchers have performed their tests on products from AppoTech, particularly the AX211 and AX 215 models. However, other brands might contain similar vulnerabilities.
“We discover a simple ‘knock’ sequence transmitted over manufacturer-reserved commands (namely, CMD63 followed by ‘A’,'P’,'P’,'O’) that drop the controller into a firmware loading mode. At this point, the card will accept the next 512 bytes and run it as code,” bunnie noted in a blog post published after their presentation.
While SD cards are admittedly I/O-limited, some clever hacking of the microcontroller in an SD card could make for a very economical and compact data logging solution for I2C- or SPI-based sensors,” Huang wrote in the blog.
By reverse engineering the function specific registers in the 8051 microcontroller, they’ve managed to create new applications even without access to documentation from the vendor.
In a man-in-the-middle attack, someone intercepts data that's being transferred from one location to another, potentially scrutinizing or modifying it.
Huang and Cross believe their attack could be used to secretly copy data, to modify sensitive data such as encryption keys, or to subvert authentication processes by substituting an unauthorized file for execution instead of the actual file that was authorized.
No comments:
Post a Comment