Mobile Threat Catalogue

Code Execution via SD Card Vulnerability

Threat Category: SD Card

ID: STA-40

Threat Description: SD cards contain an integrated processor which may contain vulnerabilities an attacker can exploit to achieve arbitrary code execution in the context of the SD card or the calling application.

Threat Origin

Exploiting Vulnerabilties of Wi-Fi SD cards ¹

Exploit Examples

On Hacking MicroSD Cards ²

CVE Examples

CVE-2016-2494

Possible Countermeasures

Mobile Device User

On Android devices running 5.0 or later, do not grant access to the SD card to untrusted apps.

Remove an attached SD card when not in use.

Enterprise

Deploy MAM or containerization solutions that support policies that can restrict access to the SD card by untrusted apps.

References

S. Konstantaras and C. Dillon, Exploiting Vulnerabilities of Wi-Fi SD cards, project report, Universiteit van Amsterdam, 1 June 2014; https://staff.science.uva.nl/j.j.vanderham/cases/wifi-sd-cards.pdf [accessed 10/24/2016] ↩
bunnie:studios, “On Hacking MicroSD Cards”, blog, Dec. 2013; https://www.bunniestudios.com/blog/?p=3554 [accessed 10/24/2016] ↩