[HH] anyone have experience with fake flash (microSD) memory?
Tom Metro
tmetro+hhacking at gmail.com
Mon Jul 14 18:27:36 EDT 2014
Kurt L Keville wrote:
> Was just reading about this topic... Bunnie Huang suggests that much
> if not most SD media is made after hours when the boss has gone
> home...
>
> http://www.bunniestudios.com/blog/?p=3554
Great article. It only touches on the topic of SD cards reporting a fake
capacity, but elaborates on how the micro controllers in the cards can
be reprogrammed, and how its been shown that at least some cards lack
any serious security measures preventing the firmware from being
reprogrammed in the field. (And one example of this happening that they
observed was a shop owner loading firmware to report fake capacity.)
The author mentions how this capability could be used for a "man in the
middle" attack, but aside from having the card report that it erased
things that it didn't, they didn't give any examples of how this would
be exploited.
-Tom
More information about the Hardwarehacking
mailing list