← Back to team overview

ubuntu-phone team mailing list archive

Are there any attack vectors based on SD card?



Last Saturday I went to a big tech market to buy a new SD card for my BQ E4.5.
I bought a SanDisk microSDHC UHS-I 16 GByte. When I pulled it our from its
plastic cover it was easy to open and I already though that someone opened this 
plastic once. I plugged it in and ... it contained pictures in a DCIM dir,
a file Kontacts.vcf and more stuff, some Android directories etc. I returned
it to the shop and they were surprised as well and gave me a new one, now really empty.

What I'm asking me: Who is so "intelligent" and returns such SD to the shop, even
hang it into the place where new cards are (or maybe the shop staff did so)
but in any case without at least formatting the SD? And why at all?

Or is this some new attack vector distributing trojans or malware on SD cards
through shops?

I asked the same in the UBports forum, but it was declared as OFF TOPIC
there: https://forums.ubports.com/topic/2768/are-there-any-attack-vectors-based-on-sd-card



Matthias Apitz, ✉ guru@xxxxxxxxxxx, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: Спаси́бо освободители! Thank you very much, Russian liberators!

Follow ups