SD cards are hackable, but probably not on a mass scale
- 14 January, 2014 17:55
All threats are not equally threatening.
Those microSD cards that provide flash memory storage to your smartphone or tablet, along with the new SD cards you just bought from your local electronics store could be a malware attack vector, setting up your device for a Man-in-the-Middle (MitM) attack as soon as you put one in the slot.
Could be -- as in, it is demonstrably possible -- but also unlikely, unless you are a high-value target like a major corporation or a nation state. So, even though two researchers demonstrated recently the unnerving reality that it is possible to break into and take control of the micro controller in SD cards, other experts say there is little reason for average consumers to worry.
The hack, explained in late December at the Chaos Communications Congress in Hamburg by Sean "xobs" Cross and Dr. Andrew "bunnie" Huang, is, "much more useful for targeted attacks against an individual or a company than a broad attack against consumers," according to Samuel Bucholtz, cofounder of Casaba, a security analysis consulting firm.
"In most cases the data can only be harvested if the SD card is physically retrieved afterwards or it is connected to a previously compromised system," he said.
Kevin McAleavey, cofounder of the KNOS Project and a hacking expert, agreed. "It can be done, but as long as there are more practical methods less likely to be detected than the case of the product being ripped apart and re-glued, the much more likely scenario would be manufacturing a device from scratch with that kind of functionality built in by a wayward manufacturer," he said.
"NSA (National Security Agency) and DoD (Department of Defense) have worried for years about foreign chipmakers doing precisely this in parts for military products, and the practice goes back decades," he said.
That does not mean the risk is not real. Cross and Huang told their audience that the vulnerability exists in large measure because flash memory is unreliable -- "incredibly unreliable" in Huang's words -- and a microcontroller is the best means to correct it.
"You don't want to look under the hood and see the sausage inside," he said.
Because the devices are unreliable, degrade over time, are unpredictably fragmented and contain bad memory blocks, the manufacturers install a relatively powerful microcontroller that delivers the illusion of correct data to the user.
Huang did not respond to a request for comment, but in a recent post on his blog, bunnie:studios, he wrote that, "the illusion of a contiguous, reliable storage media is crafted through sophisticated error correction and bad block management functions," done by microcontrollers, adding that this applies to the entire "family" of managed flash devices, including microSD, SD, MMC, eMMC, and iNAND.
The problem, Huang wrote, is that the firmware loading and update mechanism of those microcontrollers is not secured. He said in observing electronics markets in China, he had seen shop keepers, "burning firmware on cards that 'expand' the capacity of the card -- in other words, they load a firmware that reports the capacity of a card is much larger than the actual available storage."
That vulnerability also made it possible for the two to hack into the firmware update process and write their own applications for the controller without needing access to the manufacturer's documentation. This, they said, would allow an attacker to eavesdrop on a user with a MitM attack.
Huang also wrote on his blog that the malicious code could be written to a sector of the card that is not erasable. He said that those in high-risk situations should not assume that even a "secure" erase of a card is enough. He recommended disposal of such cards, "through total physical destruction (e.g., grind it up with a mortar and pestle)."
All true, say other experts, who agree with Cross and Huang that flash memory is notoriously unreliable and degrades over time.
"You can only write a single memory cell a number of times, after which it wears out and gets corrupt," said Bogdan "Bob" Botezatu, senior e-threat analyst at Bitdefender. "So even if you have a flawless chip, which is not the case in real life, some of its cells will definitely fail during its utilization."
The risk of compromise, they say, is also real, and has existed with other devices for years. "Such vulnerabilities have been seen in USB, Firewire, even parallel and serial ports of the past," said Bucholtz. "Any device that contains a controller executing code is always potentially at risk of such vulnerabilities."
And there are multiple possibilities of damage. "Attackers could hide data on the card," said Chris Wysopal, cofounder and CTO of Veracode. "They could make copies of files that were written and erased later. They could modify the data on the card, which could be very dangerous if programs are executed from the card."
"The attacker could intercept writes to the drive of passwords, credit cards, classified documents, or other sensitive data," Bucholtz said. "Such data could be stored in a hidden area that the device knows nothing about. The SD card could then be retrieved to obtain the data. The card could also inject code into the device for execution, taking over the device, and allowing just about anything to be done with it."
Still, there is general agreement that this is unlikely to be something focused on the mass market, because there are so many different brands of chips with different architecture and because, as McAleavey said, it would be easier to manufacture malicious chips than to break into existing ones.
Bucholtz said it wouldn't even require a corrupt manufacturer colluding with attackers. "The contract manufacturer has no reason to investigate what microcode they are given for the device, so there is no need for corruption or complicity unless the attacker is trying to slip their attack tool into another brand's devices," he said. "It might be easier to simply compromise the code of a major manufacturer prior to a production run."
But even at the nation-state level, Botezatu said he thinks it would be unlikely to succeed, since, "security restrictions forbid the use of removable storage on mission-critical systems.
"The only way I see it viable would be if the attack was carried on flash storage that is permanently attached to the device, but in the case of government smartphones, this would mean that the entire phone has been at the bad guys' disposal, so chances are that they would rather tamper with the operating system instead."
Wysopal and Bucholtz said manufacturers of SD cards could, and should, take steps to secure the vulnerable firmware update process that Cross and Huang exposed. "They need to make it impossible for attackers to load their own code onto the microcontrollers," Wysopal said.
"Code signing can mitigate some of the risk of code injection, and storage/file encryption of all writes to removable SD cards can mitigate the risk of MitM sniffing or tampering of data," Bucholtz added, "unless the attacker gets the keys."
But McAleavey said unless there is a widespread, high profile security disaster involving microcontrollers of flash memory that threatens manufacturers financially, it is unlikely that anything will change.
"Not a whole lot of people are cutting up their cards (as Cross and Huang did)," he said. "They could probably design some methods to detect the tampering, but unless it actually becomes a genuine in-the-wild issue that harms their sales, I'd expect them to roll their eyes and ignore it."