Wednesday, January 15, 2014

SD Card malware stealing your data.


  SD card malware is stealing data from the inside of your PC.  Researchers claim the attack allows malware to alter and steal data directly from the MicroSD cards.

This is done by using tiny microcontrollers on the card itself.  The SD card malware attack could be used to copy or steal data and even modify sensitive data such as encryption keys.

Even you the SD cards have been ‘erases’, they could still carry the malware.

There is a video demonstration that describes the vulnerability, which will allow attackers access to “keys” used to access sensitive data.

“Man in the middle” attacks are being intercepted by working with internet browser software and use malware like the Trojan Hesperbot.

Researchers are claiming that current memory cards have many errors that ships with the microcontrollers.  On some models, it is possible to force the controller to execute code.

The controllers are put into place to manage the fact that flash memory is “riddled with defects” which is the downside of cheap, portable storage.

Researchers say-
“Flash memory is really cheap. So cheap, in fact, that it’s too good to be true. In reality, all flash memory is riddled with defects — without exception. The illusion of a contiguous, reliable storage media is crafted through sophisticated error correction and bad block management functions,”
The vulnerability of SD card malware substantiates an attack against two models of Sppotech SD card commands. These cards can be modified to perform attacks that could be difficult to detect.

There is no known protocol or method to inspect and attest the contents of the code running on the memory card’s microcontroller.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Could new malware steal data from INSIDE your SD card? Researchers claim even solid-state PC drives could be at risk – We Live Security

No comments:

Post a Comment