Surrounded by exploits

Quicksearch

Disclaimer

The individual owning this blog works for Oracle in Germany. The opinions expressed here are his own, are not necessarily reviewed in advance by anyone but the individual author, and neither Oracle nor any other party necessarily agrees with them.

Navigation

< 2014 | Enemy inside >

Friday, January 3. 2014

Just another nice data point for my hypothesis. Now SD-cards have been exploited: "On Hacking MicroSD Cards". In the last year alone people found exploits for hard disk controllers or for wifi sd card.

My hypothesis: "Every thing containing a microcontroller can be exploited to do more than planned or something completely different. And as almost every piece of technology that surrounds us uses a micro controller, almost everything around us can do more than we expect ... and probably do already more than we expect from it. Who know ... most people doesn't even know what their computer is doing while they think their computer is just doing word processing. First derivate of it: Time to do some stretching in order to be able to put our heads between the legs for brace position and to give our butts an good-bye kiss when everything gets out of control".

Posted by Joerg Moellenkamp in English, Security at 20:37 | Comments (2) | Trackbacks (0)

Defined tags for this entry: english, security

Related entries by tags:

View as PDF: This entry | This month | Full blog

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

I somewhat disagree with the term “exploit” in this context, because it suggests that a security mechanism was successfully circumvented. Please keep in mind that you have to be able to send raw commands to the card, which means "root" access on the machine to which the card is currently connected to (in this case: send the non-standard command that tells the card to switch to a firmware upgrade mode of operation).

It's not different to “normal” firmware/BIOS/UEFI upgrades on machines (which can, and as the NSA has shown with the bugs allgedly able to hide in system-management mode, is being used to plant malware), only that Bunnie has been able to do it on a very obscure platform where changing firmware was considered impossible by most.

The “exploit” we have to concern ourselves now with is a diffent one: Writers of filesystems have to keep in mind that (besides the always existing possibility of data corruption due to general bit rot) a devices we always assumed to be a dumb storage for data blocks might return something different to what was stored on it, and even read from it just previously, and additionally the returned data might be specifically crafted to confuse a safety mechanism. E.g. calculate a checksum, verify a file, and then read it again for execution might no longer be a good idea (some kind of TV, I think, was rooted with this method not long ago).

#1 Christian Vogel (Homepage) on 2014-01-03 22:12

Last year I'd say I had no idea how many CPU's were in my home thanks to all the devices like “smart TVs” with CPU's in. Now thanks to stories like these and http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone I don't even know how many CPU's I have in my backpack/pockets.

#2 Alan Coopersmith (Homepage) on 2014-01-03 23:42

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: Standard emoticons like :-) and ;-) are converted to images. Enclosing asterisks marks text as bold (word), underscore are made via _word_.
	Remember Information? Subscribe to this entry