When it comes to your computers and electronics gear, your SD card might be the last thing you would think of that could get hacked. But that exactly what a couple of guys disclosed at Chaos Computer Congress. What’s worse is the vulnerability that is discovered isn’t just restricted to SD cards but pretty much the entire family of managed flash such as microSD, SD, MMC as well as the eMMC and iNAND devices typically soldered onto the mainboards of smartphones.
As “bunnie” explains, these cards are equipped with an ARM CPU that runs error correction checks on the flash memory is generally riddled with defects. Here is what they found:
xobs and I disclosed a finding that some SD cards contain vulnerabilities that allow arbitrary code execution — on the memory card itself. On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else.
Source: bunnie’s blog