![]() ![]() These algorithms are too complicated and too device-specific to be run at the application or OS level, and so it turns out that every flash memory disk ships with a reasonably powerful microcontroller to run a custom set of disk abstraction algorithms. Likewise, with every generation, the engineers come up with more sophisticated and complicated algorithms to compensate for mother nature’s propensity for entropy and randomness at the atomic scale. This is the result of a constant arms race between the engineers and mother nature with every fabrication process shrink, memory becomes cheaper but more unreliable. The illusion of a contiguous, reliable storage media is crafted through sophisticated error correction and bad block management functions. ![]() In reality, all flash memory is riddled with defects - without exception. So cheap, in fact, that it’s too good to be true. We also note that similar classes of vulnerabilities exist in related devices, such as USB flash drives and SSDs.įlash memory is really cheap. The information here applies to the whole family of “managed flash” devices, including microSD, SD, MMC as well as the eMMC and iNAND devices typically soldered onto the mainboards of smartphones and used to store the OS and other private user data. In order to explain the hack, it’s necessary to understand the structure of an SD card. ![]() On the light side, it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers. On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else. Today at the Chaos Computer Congress ( 30C3), xobs and I disclosed a finding that some SD cards contain vulnerabilities that allow arbitrary code execution - on the memory card itself. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |