By Graham K. Rogers

There has been so much news concerning the changed world of security in the last few months. It is not clear in some quarters who is protecting whom from what, although it seems odd to some that those who break the laws are protected, while those that report the transgressions are persecuted, prosecuted and incarcerated.

This week at the Chaos Computer Congress (30C3), in Hamburg, Germany, there were a number of interesting revelations, including a report that there is a backdoor on the iPhone (DROPOUTJEEP) that the NSA has been using, although this can only be installed if they have physical access to the device: there is no remote installation (Matthew Panzarino, TechCrunh).

Now there is news concerning the (relatively) humble SD card that many of us use in cameras, some phones and other devices. Pierluigi Paganini reports for The Hacker News that two researchers, Andrew "bunnie" Huang and Sean "xobs" showed how the microcontroller inside SD and MicroSD flash cards can be hacked to allow "arbitrary code execution and can be used to perform a man in the middle attack."

The cause is, in part, the quest for cheapness: certain compromises are made that could affect the security of each drive. Attackers - and by this we must now include the NSA and other governments and their agencies - may be able to hack in using firmware vulnerabilities. Although the memory card seems to be working normally, it could run tasks including installing malware on computers.

Some may remember the STUXNET virus that was installed via a USB drive and was designed to attack certain Siemens computer in Iran. This later bit back and computers for power utilities in the USA were subjected to attack.

There are warnings here for many users, whether they be in security, in business, or at risk for other reasons.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.