A new type of attack, dubbed “DaMAgeCard,” exploits the SD Express standard to gain direct access to a device’s memory through its SD card reader.
This method bypasses traditional security measures, allowing attackers to extract sensitive data or inject malicious code without physical access to the device’s internals.
The SD Express standard, introduced to enhance the speed of data transfer in SD cards, inadvertently opens a new vector for cyber attacks.
Unlike its predecessors, SD Express cards can operate in both SDIO mode and as a PCIe/NVMe device, which means they can directly interact with the system’s memory bus. This capability, while beneficial for performance, introduces significant security risks when not properly managed.
How the DaMAgeCard Attack Works
The attack leverages the ability of SD Express cards to switch between SDIO and PCIe modes. When an SD Express card is inserted, the host controller typically starts in SDIO mode, then switches to PCIe mode after confirming the card’s capabilities.
Researchers from Positive Labs demonstrated that by emulating this mode-switching interaction, they could trick the host controller into allowing a malicious device to access the system’s memory.
This was achieved using a Raspberry Pi Pico to emulate the necessary signals, bypassing the need for an actual SD controller.
The implications of the DaMAgeCard attack are profound. It can potentially:
- Extract sensitive data: By accessing memory directly, attackers can retrieve encryption keys, personal data, or any information stored in RAM.
- Inject malicious code: Malicious code can be injected into the system, potentially leading to persistent malware infections or unauthorized control over the device.
- Bypass security measures: Protections such as the IOMMU (Input-Output Memory Management Unit) can be circumvented if not properly configured, leaving systems vulnerable.
While some devices, like the MSI gaming laptop tested by researchers, implement IOMMU to restrict memory access, many do not have this protection enabled by default. This oversight leaves a wide array of devices, from gaming consoles to business workstations, potentially at risk.
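To check the IOMMU point above on a Linux host, the following added example (not code from the researchers or from this article) lists PCI devices whose DMA is not confined by a translating IOMMU domain. It assumes the standard sysfs layout and a kernel that exposes each IOMMU group's `type` attribute; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report which PCI(e) devices are NOT behind a translating
# IOMMU domain on Linux. The sysfs root is a parameter so the check can be
# run against a constructed tree; on a real host it defaults to /sys.

# Print the IOMMU domain type for one PCI device directory:
#   none         - no IOMMU group (IOMMU off, or not covering this device)
#   identity     - passthrough: DMA addresses are not translated or restricted
#   DMA / DMA-FQ - translated domain, DMA limited to mapped buffers
#   unknown      - kernel does not expose the group's "type" attribute
dma_domain() {
    d="$1"
    if [ ! -e "$d/iommu_group" ]; then
        echo none
    elif [ -r "$d/iommu_group/type" ]; then
        cat "$d/iommu_group/type"
    else
        echo unknown
    fi
}

# Name the PCI class codes relevant here (the class file reads 0xCCSSPP).
pci_role() {
    case "$1" in
        0x0805*) echo sd-host ;;     # SD host controller
        0x0108*) echo nvme ;;        # NVM controller (SD Express card in PCIe/NVMe mode)
        0x0604*) echo pci-bridge ;;  # PCI-to-PCI bridge / root port
        *)       echo other ;;
    esac
}

# One line per device whose DMA is unrestricted or cannot be verified:
# "<bdf> <role> <domain>". Devices in DMA, DMA-FQ or blocked domains are skipped.
exposed_pci() {
    root="${1:-/sys}"
    for dev in "$root"/bus/pci/devices/*; do
        if [ ! -r "$dev/class" ]; then continue; fi
        domain=$(dma_domain "$dev")
        case "$domain" in
            DMA|DMA-FQ|blocked) continue ;;
        esac
        echo "${dev##*/} $(pci_role "$(cat "$dev/class")") $domain"
    done
}

# Run the audit only when asked, e.g.:  sh audit.sh --run
case "${1:-}" in
    --run) exposed_pci "${2:-/sys}" ;;
esac
```

An empty result means every enumerated PCI device sits in a translated or blocked domain; any `none` or `identity` line is a device that can reach memory without IOMMU restriction.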
The SD Express technology, despite its security vulnerabilities, is gaining traction due to its significant speed advantages. Photographers, gamers, and other users requiring high-speed data transfer are adopting this technology, which could lead to its widespread use across various devices. This adoption, however, might inadvertently increase the attack surface for DaMAgeCard-like exploits.
As technology evolves to meet consumer demands for speed and efficiency, it’s crucial that security measures evolve in tandem. Manufacturers and developers must prioritize securing these new interfaces against such sophisticated attacks to protect user data and system integrity.