That’s a big if… but because of the relative obscurity of the attack surface and requirements for unusual tools, this is probably largely unexplored territory for non-state actors.
It is very likely that the firmware and drivers for SDIO are at the very least insecure and likely rife with serious arbitrary-code-execution level bugs, manufacturer / letter agency back doors for special tools, and similar attack surfaces that will suddenly become accessible to anyone with a hundred dollars and the desire to dig in.
Ultimately, this will be good for device security, but the need for a specialized (but obtainable) tool to execute the attack means probably years of vulnerabilities in the wild, and won’t-fix for older devices.
SDIO is exactly the kind of interface that one would use for hidden backdoors, since you need a very special piece of hardware to deliver the payload.
No one will ever discover that there are undocumented features that can be accessed by a nonstandard SDIO device with just the right mis-timings… because the only thing ever going in that slot is a memory card that is incapable of producing that signal.
At least until now lol.