If you own a smartphone or a tablet that allows you to expand its storage via microSD cards, you might be interested to learn that it seems that your microSD card might not be as secure as you might think. Presenting their findings at the Chaos Computer Congress, Andrew Huang and Sean Cross have detailed their findings in which they discovered that microSD cards and other flash-based storage were prone to hacks and could be used by hackers for malicious purposes if they found out about its vulnerability.
The idea behind the vulnerability is through errors in the flash-based storage itself. Manufacturers have sophisticated software that can detect hardware issues, such as bad sectors, and correct them through firmware. Unfortunately the firmware themselves aren’t bug free, and it is through these buggy firmware that hackers are able to take advantage of the vulnerability and hack into these flash-based storage devices, allowing them to install malware and deliver man in the middle attacks. Unfortunately it seems that cards that have been compromised are not detectable by custom security protocols and the only way to deal with a compromised card would be to physically destroy it.
On top of that, it has been found that devices such as USB flash drives and even SSDs are prone to these vulnerabilities as well. The good news is that manufacturers who are aware of these flaws in their products can release updates to fix it, although we guess it’s not often that we see messages on our phones or computers asking us to update our SSDs or microSD cards, right?