Putting malicious code on USB thumb drives and dropping them near employee entrances is an old hack. A curious employee plugs the USB drive into their PC and voila, another hacked computer.
At the Chaos Computer Congress (30C3), in Hamburg, Germany, a new and deeper hack of flash storage was demonstrated. Researchers hacked the microcontroller found inside all SD and microSD flash cards, enabling a man-in-the-middle attack.
As regular readers of Storage Bits know, cheap consumer flash memory (almost all NAND flash) is riddled with defects and problematic behavior, such as electron leakage between adjacent cells. Much background housekeeping, including error detection and correction and garbage collection, is required to preserve the illusion of defect-free storage.
This nontrivial work requires a powerful computer system, at least by 1970s standards. Typically an ARM or 8051-based microcontroller, with clock speeds up to 100 MHz, delivers the required CPU cycles.
These microprocessors need a firmware loading mechanism – usually used only at the factory – that can be exploited by hackers to load new code. This has already been used by counterfeiters who create flash drives that report a larger capacity than they physically contain.
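The counterfeit case can be checked from the host side. The following is an added example, not code from the researchers or from this article: it fills a simulated card with address-unique data and reads it back to measure how many blocks really exist. The `SimulatedCard` class, its wrap-around behaviour and the seed are assumptions made for the illustration, and the check catches misreported capacity only, not other firmware changes.

```python
import hashlib

BLOCK = 512  # bytes per block in this simulation


class SimulatedCard:
    """Constructed stand-in for a card whose firmware reports more blocks than exist."""

    def __init__(self, reported_blocks, real_blocks):
        self.reported_blocks = reported_blocks
        self._real = real_blocks
        self._store = {}

    def write(self, lba, data):
        # Assumed behaviour: out-of-range addresses wrap onto the real flash.
        self._store[lba % self._real] = data

    def read(self, lba):
        return self._store.get(lba % self._real, bytes(BLOCK))


def pattern(lba, seed):
    """Block content that is unique to its address, so aliasing is detectable."""
    return hashlib.shake_128(seed + lba.to_bytes(8, "big")).digest(BLOCK)


def verify_capacity(card, seed=b"constructed-seed"):
    # Fill the whole reported range first. Reading each block straight after
    # writing it would pass on a wrapping card, because the overwrite of the
    # aliased block only happens later.
    for lba in range(card.reported_blocks):
        card.write(lba, pattern(lba, seed))
    bad = [lba for lba in range(card.reported_blocks)
           if card.read(lba) != pattern(lba, seed)]
    return {
        "reported": card.reported_blocks,
        "verified": card.reported_blocks - len(bad),
        "first_bad": bad[0] if bad else None,
        "honest": not bad,
    }


if __name__ == "__main__":
    print(verify_capacity(SimulatedCard(reported_blocks=64, real_blocks=16)))
    print(verify_capacity(SimulatedCard(reported_blocks=64, real_blocks=64)))
```

On real media the same write-everything-then-read-everything pass destroys the card's contents, so it belongs on new or blank cards.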
In the hack demonstrated at 30C3, researchers reverse-engineered the instruction set of a particular microcontroller to access the firmware loading mechanism. An SD card could appear to be operating normally while hacking any PC or mobile device – including Wi-Fi equipped cameras – it is plugged into. With the widespread use of SD and microSD card slots this could be a very profitable hack.
The Storage Bits take
The researchers report that these microcontrollers cost as little as 15¢ each in quantity. That means they are almost everywhere, including the SIM cards in cell phones, and so are potential hacks.
While there are no reports of such hacks in the wild, we can be sure that technologically sophisticated criminals and government security agencies are looking at how compromised microcontrollers could be used for theft or surveillance. Security can be compromised wherever an unprotected computer system lives.
Read the well-written blog post that details their work and watch a video of their presentation at 30C3 here.
Comments welcome, of course. Do you think the NSA is already working on this?