An SD card isn't just a dumb chunk of
memory; it's a dumb chunk of memory with a built-in brain, a microcontroller.
And at this year's Chaos Computer Congress, enterprising hackers showed off
exactly what those brains can be used for : cheap
hardware for makers or malware machines for malcontents.
The reason SD cards have microcontrollers in
the first place is because it's cheaper than producing reliable memory. Instead
of testing each card to make sure it's a flawless bit of hardware (it neveris),
SD card manufacturers just slap on a cheap microcontroller that can come up
with workarounds for dead sectors and other hardware issues on the fly. This
all gets set up at the factory, and average users never have to know a thing
about it.
But that's where the
modification comes in. As hackers bunnie and xobs discovered,
some of cards' chip firmware isn't locked down particularly well, leaving it
completely open to modification. On the good side, that means relatively cheap
microcontrollers for anyone who bothers to hack them. On the dark side, that
means SD cards that can perform their own man-in-the-middle attacks and steal
data on the sly with built-in malware. Or counterfeit SD cards that look like
they're waaaay bigger than they are, like the
mythical never-ending hard drive
No comments:
Post a Comment