Even flash memory cards prone to hacking, intercepting data!
Washington: Security researchers have reportedly found a technique to subvert tiny controller chips in SD Cards that could turn it into a malicious software-running device.
Security researchers have found a way to hack SD Cards, the most common form of flash-memory cards used to store data mobile phones and digital cameras, and run software that intercepts data.
Andrew 'bunnie' Huang and Sean 'xobs' Cross have revealed the approach, through which a person could run malicious software on the memory card itself, as it contains tiny built-in computers called microcontrollers that are used to oversee the details of data storage, Cnet reports.
Huang said that the memory card is a 'perfect setup for a man-in-the middle attack', in which some intercepts data that's being transferred from one location to another, potentially scrutinizing or modifying it.
The researchers said that their attack could be used to secretly copy data, to modify sensitive data such as encryption keys, or to subvert authentication processes by substituting an unauthorized file for execution.
According to the report, the technique could also be used to exploit other flash-memory devices such as SSDs (solid-state drives) used in place of traditional hard drives in personal computers and eMMC (Embedded Multimedia Controller) storage used in mobile phones.