←back to thread

90 points LorenDB | 1 comments | | HN request time: 0.383s | source
Show context
0xmarcin ◴[] No.42155173[source]
I am a bit concerned here. I wonder how much time will pass before someone decide to use it to hack a computer?
replies(2): >>42164053 #>>42177537 #
K0balt ◴[] No.42164053[source]
This is likely an extremely rich attack vector if you can gain any reach through the SDIO interface.

That’s a big if… but because of the relative obscurity of the attack surface and requirements for unusual tools, this is probably largely unexplored territory for non-state actors.

It is very likely that the firmware and drivers for SDIO are at the very least insecure and likely rife with serious arbitrary-code-execution level bugs, manufacturer / letter agency back doors for special tools, and similar attack surfaces that will suddenly become accessible to anyone with a hundred dollars and the desire to dig in.

Ultimately, this will be good for device security, but the need for a specialized (but obtainable) tool to execute the attack means probably years of vulnerabilities in the wild, and won’t-fix for older devices.

replies(1): >>42179433 #
1. K0balt ◴[] No.42179433[source]
I honestly can’t imagine why someone would downvote that lol.

Sdio is exactly the kind of interface that one would use for hidden backdoors, since you need a very special piece of hardware to deliver the payload.

No one will ever discover that there are undocumented features that can be accessed by a nonstandard sdio device with just the right mis-timings… because the only thing ever going in that a lot is a memory card that is incapable of producing that signal.

At least until now lol.