Flash memory is inexpensive. The attackers properly changing the firmware might hack any device that uses the compromised SD card (e.g. a mobile device, Wi-Fi equipped camera); the flash memory will show up to be running normally while hacking the hosting equipment.
The hardware hacker Bunnie Huang presented during the Chaos Computer Club Congress how to exploit SD cards micro controlled for malicious purposes.
Just how are you able to exploit SD Card, USB stick with other mobile devices for hacking? Another interesting hack ended being presented at the Chaos Computer Congress (30C3), in
The researchers explained how exactly to hack the microcontroller inside every SD as well as microSD flash cards to understand someone in the middle attack.SD cards have powerful micro controllers, which are exploitable by hackers to ensure they are insecure.
The hacker, Bunnie Huang described the process to get it done and published the topic. To reduce SD cards price and increase their storage capability, engineers need to think about a form of internal entropy that would affect data stability on every Flash drive.
Almost every NAND flash memory is affected by defects and by the present’s issues such as electron leakage between adjacent cells.
“Flash memory is inexpensive. So cheap, in fact, that it is too good to be true. In reality, almost all-flash memory is riddled with defects — without exception. The illusion of a contiguous, reliable storage media is created by using sophisticated error correction and bad block management features. This is the result of a continuing arms race between the engineers and Nature; collectively manufacturing process shrink, memory gets cheaper but more unreliable. Similarly, with every generation, the engineers develop more sophisticated and complicated algorithms to compensate for Nature's tendency for entropy and randomness at the atomic scale,” wrote Huang.
A hacker might take advantage of the firmware loading mechanism, usually used exclusively at the factory, to load harmful code, the techniques mostly adopted by counterfeiters who create SD cards that describe a bigger capacity than they have.
The firmware on the SD cards can be updated, however based on Huang’s revelations most manufacturers allow this update functionality unsecured.
The hacker throughout the presentation at 30C3 reverse-engineered the instruction set of a particular microcontroller to examine firmware-loading mechanism.
The attackers properly changing the firmware might hack any device that uses the compromised SD card (e.g. a mobile device, Wi-Fi equipped camera); the flash memory will show up to be running normally while hacking the hosting equipment.
The SD card could make a duplicate of the contents in a hidden memory area or it could run harmful code while idle preventing detection mechanisms.
When we speak about USB hacking or SD Card hacking we must consider that we are approaching the hacking on a large-scale due the wide diffusion of these components. Microcontrollers cost as little as 15¢ each in quantity, they are everywhere and every device that use them could be hacked.
Another consideration that must be done is the Governments as well as high profile hackers could be interested in this attack for cyber espionage and sabotage purposes. Arrange a countermeasure against these types of threat is hard.
A curiosity for the “hackers inside” …these cards could be reprogrammed to become Arduino open source microcontroller and memory systems.
“An Arduino, with its 8-bit 16 MHz microcontroller, will set you back about $20. A microSD card with several gigabytes of memory and a microcontroller with several times the performance could be bought for a fraction of the price,” he writes.
Look closely at the presentation … and distrustful of SD cards from now on.
0 comments:
Post a Comment