How is it possible to exploit SD Card, USB stick and other mobile devices for hacking? Another interesting hack was presented at the Chaos Computer Congress (30C3), in Hamburg, Germany.
The researchers demonstrated how it is possible to hack the microcontroller inside every SD and MicroSD flash cards that allow arbitrary code execution and can be used to perform a man in the middle attack.
The Hardware Hackers Andrew "bunnie" Huang and Sean "xobs" described the exploitation method on their blog post,"it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers."
It seems that to reduce SD cards price and increase their storage capability, engineers have to consider a form of internal entropy that could affect data integrity on every Flash drive. Almost every NAND flash memory is affected by defects and presents problems like electron leakage between adjacent cells.
"Flash memory is really cheap. So cheap, in fact, that it's too good to be true. In reality, all flash memory is riddled with defects — without exception. The illusion of a contiguous, reliable storage media is crafted through sophisticated error correction and bad block management functions. This is the result of a constant arms race between the engineers and mother nature; with every fabrication process shrinks, memory becomes cheaper but more unreliable. Likewise, with every generation, the engineers come up with more sophisticated and complicated algorithms to compensate for mother nature's propensity for entropy and randomness at the atomic scale." wrote Huang.
Manufacturers have a sophisticated software that can detect hardware issues, such as bad sectors, and correct them through firmware. Hackers could hack into these flash-based storage devices using firmware vulnerability, allowing them to install malware.
The firmware on the SD cards can be updated, but according the Huang revelations most manufacturers leave this update functionality unsecured.
During the presentation, they reverse-engineered the instruction set of a particular microcontroller to inspect firmware loading mechanism.
The attackers suitably modifying the firmware could hack any device that uses the compromised SD card (e.g. A mobile device, Wi-Fi equipped camera), the flash memory will appear to be operating normally while hacking the hoisting equipment.
The SD card could make a copy of the contents in a hidden memory area or it could run malicious code while idle avoiding detection mechanisms.
When we speak about USB hacking or SD Card is hacking we must consider that we are approaching the hacking on a large-scale due the wide diffusion of these components. Microcontrollers cost as little as 15¢ each in quantity, they are everywhere and every device that use them could be hacked.
Another consideration that must be done is that Governments and high profile hackers could be very interested in this type of attack for both cyber espionage and sabotage, arrange a countermeasure against those types of threat it is very hard.
A curiosity for the "hackers inside"... These cards could be reprogrammed to become Arduino open source microcontroller and memory systems.
"An Arduino, with its 8-bit 16 MHz microcontroller, will set you back around $20. A MicroSD card with several gigabytes of memory and a microcontroller with several times the performance could be purchased for a fraction of the price," he writes.
So, in short, destroy your SD cards if you have any dirty info on them and keep your eyes peeled for ultra-small, ultra-fast Arduino hacks.
Look closely at the presentation... and distrustful of SD cards from now on.