In the year 2013 we’ve seen some real stand-out stars in several sectors, including mobile, automotive, desktop computing, and gaming. This was certainly a year of hero devices, with manufacturers … Continue reading
Ever wonder why SD cards are dirt cheap? At the 2013 Chaos Computer Congress, a hacker going by the moniker Bunnie recently revealed part of the reason: “In reality, all flash memory is riddled with defects — without exception.” But that tidbit is nothing compared to the point of his presentation, in which he and fellow hacker Xobs revealed that SD cards and other flash storage formats contain programmable computers.
Bunnie also summarized his presentation in a relatively easy to understand post on his blog. The images I’m sharing here are from the slides (pdf) that he and Xobs used in their 30C3 talk. Here’s the full paragraph where Bunnie claims that flash memory is cheap because they’re unreliable: “Flash memory is really cheap. So cheap, in fact, that it’s too good to be true. In reality, all flash memory is riddled with defects — without exception. The illusion of a contiguous, reliable storage media is crafted through sophisticated error correction and bad block management functions…”
“…This is the result of a constant arms race between the engineers and mother nature; with every fabrication process shrink, memory becomes cheaper but more unreliable. Likewise, with every generation, the engineers come up with more sophisticated and complicated algorithms to compensate for mother nature’s propensity for entropy and randomness at the atomic scale.”
Simply put, Bunnie claims that flash storage is cheap (partly) because all chips made are used, regardless of their quality. But how do flash storage makers deal with faulty hardware? With software.
Apparently flash storage manufacturers use firmware to manage how data is stored as well as to obscure the chip’s shortcomings. For instance, Bunnie claims that some 16GB chips are so damaged upon manufacture that only 2GB worth of data can be stored on them. But instead of being thrashed, they’re turned into 2GB cards instead. In order to obscure things like that – as well as to handle the aforementioned increasingly complex data abstraction – SD cards are loaded with firmware.
And where does that firmware reside? In a microcontroller, i.e. a very tiny computer. The microcontroller is packed inside a memory card along with the actual chips that store the data. Bunnie and Xobs then proved that it’s possible to hack the microcontroller and make it run unofficial programs. Depending on how cynical you are, that finding is either good news or bad news.
For their talk, Bunnie and Xobs hacked into two SD card models from a relatively small company called AppoTech. I wish I could say more about their process, but you can read about it on Bunnie’s blog…
…or you can watch their entire presentation in the video below:
Long story short, Bunnie and Xobs found out that the microcontrollers in SD cards can be used to deploy a variety of programs – both good and bad – or at least tweak the card’s original firmware. For instance, while researching in China, Bunnie found SD cards in some electronics shops that had their firmware modified. The vendors “load a firmware that reports the capacity of a card is much larger than the actual available storage.” The fact that those cards were modified supports Bunnie and Xobs’ claim: that other people besides manufacturers can manipulate the firmware in SD cards.
The slide above outlines the other ways a memory card’s microcontroller can be abused. Malware can be inserted into memory cards to discreetly open files, make data impossible to erase (short of destroying the card itself) and even discreetly scan and replace data. On the other hand, Bunnie and Xobs note that this revelation opens up a new platform for tinkerers and developers. If a memory card is both a storage device and a computer, then it may be powerful enough to control another device on its own.
It’s worth noting that this particular investigation had an extremely small sample size. That being said, Bunnie believes that this vulnerability exists in “the whole family of “managed flash” devices, including microSD, SD, MMC as well as the eMMC and iNAND devices typically soldered onto the mainboards of smartphones and used to store the OS and other private user data. We also note that similar classes of vulnerabilities exist in related devices, such as USB flash drives and SSDs.”
Turns out the memories of our computers are as unreliable as ours.
LG has announced a couple new products that it will be showing off at CES 2014 kicking off next week. The new products will include the Tab-Book 2 and a … Continue reading
This week Google’s Chairman has suggested that we’re officially over the hump. Speaking with Bloomberg TV about his predictions for 2014, Google’s voice has suggested that while we’ve been moving … Continue reading
A couple of years ago the Commodore 64 was reborn with upgraded specs (although the company behind it seems to have folded now). This year it’s the Sinclair ZX Spectrum’s turn to get an update. Actually it’s more of a downgrade. A company called Elite Systems has acquired the right to make officially licensed Bluetooth keyboards that look like the Spectrum. Yep, just a keyboard. Maybe tinkerers can cram a couple of Raspberry Pis in it.
Elite Systems already ported a collection of ZX Spectrum games to iOS, so this keyboard should be the best way to play those games. The image above is not of a mockup, but it’s not a prototype of the Bluetooth keyboard either. That’s an actual Sinclair ZX Spectrum next to an iPad, but Elite Systems says that there’s no better way to visualize what their final product will look like anyway.
The company has set up a Kickstarter for the keyboard, but I’m not going to bother sharing the fundraiser’s video here. Let’s just say they need to hire some PR guys. Pledge at least £50 (~$80 USD) on Kickstarter to get a Bluetooth ZX Spectrum as a reward. Or, head over to eBay UK, where you can pick up an actual ZX Spectrum for about the same price.
NFC or Near Field Communications is featured in many technology products today. The majority of the products that ship with NFC tech embedded right now are smartphones according to research … Continue reading
Has there been a desktop computing reinvention quite like the 2013 Mac Pro? At the top of the year Apple’s pro-Mac looked like it was facing the axe altogether, an … Continue reading
The Mac Pro has arrived and so has an updated version of Final Cut Pro. Parts of the update deal with 4K, and likely not a coincidence, this update also … Continue reading
As it to usher in the new machine with a red carpet, Logic Pro X has been given a major update this morning. This update includes the version number 10.0.5 … Continue reading
Apple’s new Mac Pro has gone on sale today, with demand already pushing availability of the innovative desktop to February 2014. The cylindrical Mac launched with premium pricing this morning … Continue reading
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
