Deep down, we'd all like to believe our text-based interactions are worthy of Calvin & Hobbes-style witticisms. They're not and you know it, but does Google? No matter, because the tech giant was just awarded a patent to format your virtual ...
Weight loss surgery may reduce the ageing process significantly. Patients who lost nearly half their weight emerged from the operations appearing younger than usual. It appears that their telomeres...
Though Sony's crazy QX10 and QX100 lens cameras can attach to most smartphones, the company naturally favored its own Xperia Z and Z1 handsets by creating custom cases for those devices. Now it's doing the same for its crazy-large 6.4-inch Xperia Z ...
Jacob Appelbaum has yet another revelation from the Edward Snowden trove of documents: that the NSA has a backdoor into all of Apple's iPhones. And I have no doubt at all that the NSA does indeed...
“A number of people I talk to proudly announce that they no longer set new year’s resolutions,” workplace psychologist Bill Dyment tells me. “Bad idea.” Dyment says that numerous studies show that...
Granted, the holidays didn't exactly leave us flush with cash, but as every charity we've ever contributed to has reminded us via e-mail over the past couple of days, the year is drawing to an end, which means we're running out of time to rack up ...
When the cylinder-shaped Mac Pro was announced back in October many scoffed that it was just another glitzy, even odd Apple product, that was no doubt over-priced for what it could potentially...
Ever wonder why SD cards are dirt cheap? At the 2013 Chaos Computer Congress, a hacker going by the moniker Bunnie recently revealed part of the reason: “In reality, all flash memory is riddled with defects — without exception.” But that tidbit is nothing compared to the point of his presentation, in which he and fellow hacker Xobs revealed that SD cards and other flash storage formats contain programmable computers.
Bunnie also summarized his presentation in a relatively easy to understand post on his blog. The images I’m sharing here are from the slides (pdf) that he and Xobs used in their 30C3 talk. Here’s the full paragraph where Bunnie claims that flash memory is cheap because they’re unreliable: “Flash memory is really cheap. So cheap, in fact, that it’s too good to be true. In reality, all flash memory is riddled with defects — without exception. The illusion of a contiguous, reliable storage media is crafted through sophisticated error correction and bad block management functions…”
“…This is the result of a constant arms race between the engineers and mother nature; with every fabrication process shrink, memory becomes cheaper but more unreliable. Likewise, with every generation, the engineers come up with more sophisticated and complicated algorithms to compensate for mother nature’s propensity for entropy and randomness at the atomic scale.”
Simply put, Bunnie claims that flash storage is cheap (partly) because all chips made are used, regardless of their quality. But how do flash storage makers deal with faulty hardware? With software.
Apparently flash storage manufacturers use firmware to manage how data is stored as well as to obscure the chip’s shortcomings. For instance, Bunnie claims that some 16GB chips are so damaged upon manufacture that only 2GB worth of data can be stored on them. But instead of being thrashed, they’re turned into 2GB cards instead. In order to obscure things like that – as well as to handle the aforementioned increasingly complex data abstraction – SD cards are loaded with firmware.
And where does that firmware reside? In a microcontroller, i.e. a very tiny computer. The microcontroller is packed inside a memory card along with the actual chips that store the data. Bunnie and Xobs then proved that it’s possible to hack the microcontroller and make it run unofficial programs. Depending on how cynical you are, that finding is either good news or bad news.
For their talk, Bunnie and Xobs hacked into two SD card models from a relatively small company called AppoTech. I wish I could say more about their process, but you can read about it on Bunnie’s blog…
…or you can watch their entire presentation in the video below:
Long story short, Bunnie and Xobs found out that the microcontrollers in SD cards can be used to deploy a variety of programs – both good and bad – or at least tweak the card’s original firmware. For instance, while researching in China, Bunnie found SD cards in some electronics shops that had their firmware modified. The vendors “load a firmware that reports the capacity of a card is much larger than the actual available storage.” The fact that those cards were modified supports Bunnie and Xobs’ claim: that other people besides manufacturers can manipulate the firmware in SD cards.
The slide above outlines the other ways a memory card’s microcontroller can be abused. Malware can be inserted into memory cards to discreetly open files, make data impossible to erase (short of destroying the card itself) and even discreetly scan and replace data. On the other hand, Bunnie and Xobs note that this revelation opens up a new platform for tinkerers and developers. If a memory card is both a storage device and a computer, then it may be powerful enough to control another device on its own.
It’s worth noting that this particular investigation had an extremely small sample size. That being said, Bunnie believes that this vulnerability exists in “the whole family of “managed flash” devices, including microSD, SD, MMC as well as the eMMC and iNAND devices typically soldered onto the mainboards of smartphones and used to store the OS and other private user data. We also note that similar classes of vulnerabilities exist in related devices, such as USB flash drives and SSDs.”
Turns out the memories of our computers are as unreliable as ours.
Qualcomm's Snapdragon 800 chip is still pretty dang new, but the company's already churned out a follow-up: the Snapdragon 805, a so-called Ultra HD processor. Like the 800, this version is a Krait-based, quad-core chip, and its biggest selling point ...
Amazon’s recent announcement around drone delivery captured the world’s attention. It is a creative idea. But, as Chris Anderson, founder of 3D Robotics (and also the creative mind that has...
Deep down, we'd all like to believe our text-based interactions are worthy of Calvin & Hobbes-style witticisms. They're not and you know it, but does Google? No matter, because the tech giant was just awarded a patent to format your virtual ... 
Though Sony's crazy QX10 and QX100 lens cameras can attach to most smartphones, the company naturally favored its own Xperia Z and Z1 handsets by creating custom cases for those devices. Now it's doing the same for its crazy-large 6.4-inch Xperia Z ... 
Granted, the holidays didn't exactly leave us flush with cash, but as every charity we've ever contributed to has reminded us via e-mail over the past couple of days, the year is drawing to an end, which means we're running out of time to rack up ... 
Qualcomm's Snapdragon 800 chip is still pretty dang new, but the company's already churned out a follow-up: the Snapdragon 805, a so-called Ultra HD processor. Like the 800, this version is a Krait-based, quad-core chip, and its biggest selling point ... 
