Balaji
2024-12-07 05:56:00
gbhackers.com
Security researchers have identified a significant vulnerability dubbed “DaMAgeCard Attack” in the new SD Express card standard that could allow attackers to directly access system memory through Direct Memory Access (DMA) attacks.
The vulnerability stems from SD Express cards’ use of PCI Express (PCIe) technology to achieve faster data transfer speeds.
While this delivers impressive performance gains of up to 1000 MB/s compared to traditional SD cards’ 600 MB/s, it also introduces serious security risks by potentially allowing malicious SD cards to directly access system memory.
“The peripheral device industry has once again sacrificed security in the name of speed,” noted the researchers.
They successfully demonstrated proof-of-concept attacks using modified SD Express adapters to gain unauthorized memory access on multiple devices, including gaming laptops and handheld consoles.
The research team tested four different host devices that support SD Express.
- An external card reader with JMicron controller
- A ThinkPad notebook
- An MSI gaming laptop with RTS5261 controller
- The AYANEO Air Plus gaming console
Most concerning was that while some devices had Input/Output Memory Management Unit (IOMMU) protections enabled, others like the AYANEO console had no such safeguards, leaving them completely vulnerable to memory access attacks.
How Does the DaMAgeCard Attack Work?
The researchers created custom SD Express adapters with PCILeech capabilities to execute these “DaMAgeCard” attacks, demonstrating how relatively simple it is for attackers to exploit this vulnerability.
Their research shows that some systems have IOMMU (Input/Output Memory Management Unit) protection, but many devices either lack this security feature or have it configured incorrectly. Key vulnerabilities include:
- SD Express cards can transition between SDIO and PCIe/NVMe modes, with the PCIe mode enabling direct memory access
- The lack of encryption or credential checking during mode switching
- Many devices, especially gaming handhelds like the AYANEO Air Plus, operate without IOMMU protection
- Even with IOMMU enabled, known bypass techniques exist through driver vulnerabilities and implementation flaws
The attack surface is expanding as SD Express adoption grows across various devices, from high-end gaming laptops to mid-range systems and embedded devices.
The DaMAgeCard vulnerability is particularly concerning because, unlike previous DMA attack vectors (such as FireWire or Thunderbolt), SD card slots are widely available and accessible.
Additionally, the availability of open-source tools for memory analysis and encryption attacks makes this vulnerability more exploitable than historical DMA attack vectors.
Given that SD Express is set to be widely used in smartphones, cameras, gaming consoles, and other consumer gadgets, this is especially concerning.
While IOMMU protection can help mitigate these risks when properly implemented, the researchers noted that many devices either lack this protection or have it improperly configured.
They warn that as SD Express adoption grows, this could become a significant attack vector unless manufacturers take steps to properly secure their implementations.
As one researcher noted, “History has taken us full circle,” referring to similar vulnerabilities found in previous technologies like FireWire and Thunderbolt.
Researchers from Positive Labs published their findings in a detailed technical report to help raise awareness of these security implications as SD Express adoption continues to grow across consumer electronics markets.
Manufacturers are advised to carefully consider implementing proper security controls before widely deploying this technology.
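To check the IOMMU coverage discussed above on a Linux host, the following added example (not from the original article or the researchers' report) reads sysfs and lists PCI functions that sit in no IOMMU group or in an identity-mapped one. It assumes the standard sysfs layout (`/sys/bus/pci/devices/<BDF>/iommu_group/type`); the function name and the covered/flagged split are illustrative choices.

```python
from pathlib import Path

# IOMMU group types under which a device's DMA is translated and confined.
TRANSLATED = {"DMA", "DMA-FQ"}
# PCI class code of an NVMe controller, which is how an SD Express card
# in PCIe/NVMe mode presents itself to the host.
NVME_CLASS = "0x010802"


def read(path, default):
    """Return the stripped contents of a sysfs attribute, or a default."""
    return path.read_text().strip() if path.is_file() else default


def audit_pci_dma(sysfs_root="/sys"):
    """Split PCI functions into (covered, flagged) by IOMMU domain type."""
    pci_dir = Path(sysfs_root) / "bus" / "pci" / "devices"
    covered, flagged = [], []
    if not pci_dir.is_dir():
        return covered, flagged
    for dev in sorted(pci_dir.iterdir()):
        group = dev / "iommu_group"
        if not group.exists():
            domain = "none"  # no IOMMU group: DMA is not remapped at all
        else:
            # 'type' is absent on older kernels; report that, do not guess.
            domain = read(group / "type", "unknown")
        pci_class = read(dev / "class", "unknown")
        entry = {
            "bdf": dev.name,
            "class": pci_class,
            "domain": domain,
            "nvme": pci_class == NVME_CLASS,
        }
        # 'identity' means passthrough: the device sees physical memory 1:1.
        (covered if domain in TRANSLATED else flagged).append(entry)
    return covered, flagged


if __name__ == "__main__":
    covered, flagged = audit_pci_dma()
    print(f"{len(covered)} PCI functions behind a translating IOMMU domain")
    for e in flagged:
        tag = " (NVMe)" if e["nvme"] else ""
        print(f"FLAGGED {e['bdf']} class={e['class']} domain={e['domain']}{tag}")
```

A function reported with domain `none` or `identity` can address host memory without translation; `unknown` means the kernel does not expose the group type and the result needs manual confirmation.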