Can an SD card be used as a medium of implementing a keylogger? The location of an SD card slot on some laptops is such that it is impossible to see if it contains a card in it unless you deliberately check it, so it could be an easy spot to put a keylogger. But from what I understand an SD card slot unlike a USB one uses a purely read-write protocol (i.e. storage) that cannot execute any code so running a keylogger should not be possible - but is that so?
Asked
Active
Viewed 920 times
1 Answers
2
SD cards are simply micro-controllers with NAND flash storage, similar to USB flash drives. The firmware on these devices has been shown to be vulnerable to manipulation and SD cards have been shown to be capable of MITM attacks: here
Code execution being possible, and many software-based key loggers being available, it's not a stretch to say that an SD card could be used to install a software-based Keylogger on your system. Also like you point out, they are also not easy to spot.
Andrew Huang and Sean Cross even note regarding their exploit:
While SD cards are admittedly I/O-limited, some clever hacking of the microcontroller in an SD card could make for a very economical and compact data logging solution for I2C- or SPI-based sensors
Kyle Fennell
- 921
- 4
- 12
-
Is there something that can be effectively done about it? Maybe disabling it from BIOS - would that be en effective prevention? – kat Dec 17 '19 at 18:36
-
Definitely the most effective way is to disable it in the the BIOS. – Kyle Fennell Dec 17 '19 at 21:50