How is it possible to exploit SD Card, USB stick and other mobile devices for hacking? Another interesting hack was presented at the Chaos Computer Congress (30C3), in Hamburg, Germany.
The researchers demonstrated how
it is possible to hack the microcontroller inside every SD and MicroSD
flash cards that allow arbitrary code execution and can be used to
perform a man in the middle attack.
The Hardware Hackers Andrew “bunnie” Huang and Sean “xobs” described the exploitation method on their blog post,"it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers."
It seems that to reduce SD cards
price and increase their storage capability, engineers have to consider
a form of internal entropy that could affect data integrity on every
Flash drive. Almost every NAND flash memory is affected by defects and
presents problems like electron leakage between adjacent cells.
"Flash memory is really
cheap. So cheap, in fact, that it’s too good to be true. In reality, all
flash memory is riddled with defects — without exception. The illusion
of a contiguous, reliable storage media is crafted through sophisticated
error correction and bad block management functions. This is the result
of a constant arms race between the engineers and mother nature; with
every fabrication process shrinks, memory becomes cheaper but more
unreliable. Likewise, with every generation, the engineers come up with
more sophisticated and complicated algorithms to compensate for mother
nature’s propensity for entropy and randomness at the atomic scale." wrote Huang.
Manufacturers have a sophisticated software that can detect hardware issues, such as bad sectors, and correct them through firmware. Hackers could hack into these flash-based storage devices using firmware vulnerability, allowing them to install malware.
The firmware on the SD cards can
be updated, but according the Huang revelations most manufacturers
leave this update functionality unsecured.
During the presentation, they
reverse-engineered the instruction set of a particular microcontroller
to inspect firmware loading mechanism.
The attackers suitably modifying the firmware could hack any device that uses the compromised SD card (e.g. A mobile device, Wi-Fi equipped camera), the flash memory will appear to be operating normally while hacking the hoisting equipment.
The
SD card could make a copy of the contents in a hidden memory area or it
could run malicious code while idle avoiding detection mechanisms.
When we speak about USB hacking
or SD Card is hacking we must consider that we are approaching the
hacking on a large-scale due the wide diffusion of these components.
Microcontrollers cost as little as 15¢ each in quantity, they are
everywhere and every device that use them could be hacked.
Another consideration that must
be done is that Governments and high profile hackers could be very
interested in this type of attack for both cyber espionage and sabotage,
arrange a countermeasure against those types of threat it is very hard.
A curiosity for the "hackers inside"... These cards could be reprogrammed to become Arduino open source microcontroller and memory systems.
“An Arduino, with its 8-bit
16 MHz microcontroller, will set you back around $20. A MicroSD card
with several gigabytes of memory and a microcontroller with several
times the performance could be purchased for a fraction of the price,” he writes.
So, in short, destroy your SD
cards if you have any dirty info on them and keep your eyes peeled for
ultra-small, ultra-fast Arduino hacks.
Look closely at the presentation... and distrustful of SD cards from now on.
0 comments :
Post a Comment