AMITIAE - Monday 20 January 2014

Cassandra: The Illusions of Perfect Data and Perfect Security - Risks with SD Cards



By Graham K. Rogers


Earlier this month I linked to an article that outlined the recent discovery of an exploit that was potentially available for SD cards. This week, I have been able to view the presentation of about an hour which has considerable detail of what the two researchers did. At the end, there was time for a useful demonstration and questions from the audience.

Illusions Deconstructed

In an outline of problems with flash memory, presented at the recent Computer Chaos Club Conference in Hamburg, xobs & bunnie (Andrew Huang and Sean Cross) pointed out that the controller incorporated into most SD memory cards, which costs around 25c, is a compromise, but one that can cause security and data safety problems for users. A video of the presentation is available online at SecurityTube along with an extended summary of the concepts.

SD memory is rather unsafe, he said, partly because of the economics of producing such cards. There are frequently bad blocks, sometimes up to 80%, so 16 GB chips are sold as 2 GB. To some applause, bunnie mentioned that what is stored is a "probabilistic approximation of your data". Some of the latest cards are only good for fewer than 1,000 erase cycles.

The inclusion of the microcontroller on the chip sets up the technology for the possibility of a "man in the middle" attack. Having discovered the potential for such weaknesses, the pair set out to develop the tools for an attack that would enable the SD card to be controlled.

The pair bought an assortment of SD cards in a market in China, some of which were fake, and pulled the cards apart to reveal the circuitry. He outlined some of the components and the ways that some of the fake cards are made.

Having deconstructed the chips, they used some of the equipment they developed to test the cards. A later development used flexible PCB boards. bunnie also described some of the other equipment that was used in the analysis.

They assumed that firmware on the controller had to get there somehow and xobs explained how a flashing tool was acquired: using Baidu they were easily able to download the (Windows) software to program the card. It was the top hit when I tried (below), with the 4th entry a reference to the conference presentation, including some of their screenshots.


The software allows a user access to every parameter for the SD card that is to be burned. As well as some odd features, the process for programming a card was fairly easy to discover and carry out.

While using the software, they made some discoveries as to how the card could be programmed, including the point that three of the 64 SD codes were reserved for the manufacturer. By sending random commands, they were able to discover where there were weaknesses that could be exploited. They were subsequently able to reverse engineer the card.

They initially worked with earlier cards that used the AX211, then updated their research to examine the AX215, which does have slightly stronger processes. They did bring a couple of bags of SD cards so that those interested at the conference would be able to try out the processes themselves.

Time for Tinfoil Hats

Having outlined the weaknesses and the ways that cards might be accessed, it was time for the possible scenarios. As SD cards are so massive (bunnie said), there is lots of space to hold files for malicious purposes:

  • Eavesdropping:
    • Report smaller capacity than available - writes files into spare memory
    • Data is put into hidden areas that are unerasable

  • Time of Check/Time of Use Attack
    • One version of file for verification, another for execution
    • Bootloader manipulation

  • Selective-modify
    • Scan for assets of interest (e.g. security keys)
    • Replace with insecure versions

We have always trusted that these controllers have been running properly, but "there is no method to attest to the code that is running inside. . . ."
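The time of check/time of use scenario in the list above matters to anyone who verifies a file on removable media and then reads it again to use it. The following is an added example, not code from the presentation or the researchers: `SwitchingCard` is a constructed in-memory model of a controller that answers the same read differently, and the two loader functions are hypothetical names showing the weak pattern beside the hardened one. It assumes the expected hash comes from a trusted source that is not stored on the card.

```python
import hashlib


class SwitchingCard:
    """Constructed model (not real hardware): the controller returns one
    version of a file on the first read and another on every later read."""

    def __init__(self, first: bytes, later: bytes):
        self._first, self._later = first, later
        self.reads = 0

    def read_file(self) -> bytes:
        self.reads += 1
        return self._first if self.reads == 1 else self._later


def _check(data: bytes, expected_sha256: str) -> None:
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("hash mismatch: refusing to use this file")


def load_checked_twice(card, expected_sha256: str) -> bytes:
    """Weak pattern: verify one read, then fetch the file again to use it.
    The second read is never checked, so the card decides what is used."""
    _check(card.read_file(), expected_sha256)
    return card.read_file()


def load_checked_once(card, expected_sha256: str) -> bytes:
    """Hardened pattern: read once into host memory, verify that buffer,
    and hand exactly that buffer to the consumer."""
    data = card.read_file()
    _check(data, expected_sha256)
    return data


def demo():
    # Constructed sample contents; the digest stands in for a value obtained
    # from a trusted source that is not on the card.
    clean = b"bootloader image (constructed sample)"
    altered = b"bootloader image (swapped by controller)"
    digest = hashlib.sha256(clean).hexdigest()
    weak = load_checked_twice(SwitchingCard(clean, altered), digest)
    strong = load_checked_once(SwitchingCard(clean, altered), digest)
    return weak == clean, strong == clean


if __name__ == "__main__":
    print(demo())
```

The hardened loader protects only the bytes it hands on; anything that later re-reads the file from the card is back in the weak pattern.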

There are similar cards inside some Samsung phones and when the manufacturer pushed out a firmware update, some were able to find that these were also capable of being compromised. Other cards (like TLC) also have weaknesses that have the potential for being exploited.

These problems may apply to SD cards, micro-SD cards, EMMC, SSD USB controllers. The controller program is modifiable and is therefore open to a number of attack scenarios. On the plus side, the open nature of these controllers allows their use in projects, for example as inexpensive data loggers.

The presentation had enough time to allow a well-received demo (start 41:57) and they showed how the exploit could work using hardware they had built themselves.

After the brief demo, there was just over 10 minutes remaining which was given over to questions.

  • The first asked about USB sticks and bunnie confirmed that USB sticks also contain controllers.

  • Another question asked about inserting malware from an SD card onto a computer. The SD card may not have this capability, although there is some potential. However, bunnie conceded that the USB card had greater potential for this. SD cards that use USB interfacing (such as Macs) may have some more potential for this [see also Stuxnet].

  • On the question of security, there was an amusing anecdote when bunnie talked about going into the "factory" where the cards were made and - with chickens running about - they were able to walk right up to the machine which burned the data in. It would not be hard for such cards to be changed, but he was unable to say whether or not it had been done.

  • On the question of controller security, it was suggested that among the cards they examined, the SanDisk cards did have some forms of protection. The research itself was restricted to finding out certain information and not all SD cards may be totally bad (Samsung and SanDisk for example make the controller and the flash disk for some of their branded cards, he said). However, at this stage it may not be possible for users to protect their own cards.

  • SD cards with wifi will, by their very nature, have some risk from man in the middle attacks and eavesdropping scenarios.

Later in the day, Andrew Huang and Sean Cross (xobs and bunnie) were to outline some of the new developments on the Novena project they are involved in. Someone should snap up this talented pair right away.

We can no longer take for granted that any of the hardware, software or links that we use are totally secure.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.


