Mobile Threat Catalogue

Malicious Files Delivered from SD Card to USB-Connected Computer

Contribute

Threat Category: SD Card

ID: STA-42

Threat Description: If the configuration of the mobile device and computer allow, an attached SD card will automatically be mounted by a USB-connected computer as a mass storage device. If the SD card contains executable files designed to automatically execute (e.g. autoexec.bat), they will automatically execute. A malicious mobile app can exploit this weakness by writing malicious executables to an attached SD card.

Threat Origin

Exploiting Smart-Phone USB Connectivity for Fun and Profit 1

Exploit Examples

Exploiting Smart-Phone USB Connectivity for Fun and Profit 1

CVE Examples

Not Applicable

Possible Countermeasures

Computer User

Configure the computer to not automatically execute content stored on mounted USB devices.

Mobile Device User

Configure the mobile device to not automatically make attached SD media available to a USB-connected computer.

Remove any attached SD card from the mobile device prior to connecting to a computer.

Use an anti-malware app to scan the attached SD card for malicious files prior to connecting to a computer.

References

  1. Z. Wang and A. Stavrou, “Exploiting Smart-Phone USB Connectivity for Fun and Profit”, in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365; https://dl.acm.org/doi/pdf/10.1145/1920261.1920314?casa_token=5XmsJ5lz06EAAAAA:HavUpmf81lNQ74ooinjWS1BZkQMkfhsbWJwFwa3UEieHGYKTCmv-TSwwaHRQhz-I4XFzdzkDHEOA [accessed 8/1/2022]  2