Threat Category: SD Card
Threat Description: SD cards contain an integrated processor which may contain vulnerabilities an attacker can exploit to achieve arbitrary code execution in the context of the SD card or the calling application.
Exploiting Vulnerabilties of Wi-Fi SD cards 1
On Hacking MicroSD Cards 2
On Android devices running 5.0 or later, do not grant access to the SD card to untrusted apps.
Remove an attached SD card when not in use.Enterprise
Deploy MAM or containerization solutions that support policies that can restrict access to the SD card by untrusted apps.
S. Konstantaras and C. Dillon, Exploiting Vulnerabilities of Wi-Fi SD cards, project report, Universiteit van Amsterdam, 1 June 2014; https://staff.science.uva.nl/j.j.vanderham/cases/wifi-sd-cards.pdf [accessed 10/24/2016] ↩
bunnie:studios, “On Hacking MicroSD Cards”, blog, Dec. 2013; https://www.bunniestudios.com/blog/?p=3554 [accessed 10/24/2016] ↩