1

I found an SD card at airport security. It's a higher-end card and 64GB. I'm guessing that it's probably from someone's camera and likely has photos on it that they would like returned. Is there a safe way form me to view the contents with the goal of possibly returning it to the owner?

Alan Easley
  • 19
  • 1
  • 1
    Ask on Reddit on the airport sub-reddit if someone lost the card. Or look at the pictures and do a reverse search on the pictures, maybe you identify the people. If the pictures are geo-tagged, you may find where they were shot and maybe find the address, so you can send them a letter asking if they lost the SD card. – ThoriumBR Oct 01 '20 at 00:42
  • 5
    I think the OP is asking with security in mind: how to *safely* look at the pictures without e.g. infecting their computer. –  Oct 01 '20 at 03:51
  • 1
    I'm not sure how one loses an SD card at security, but be wary of finding pictures **you do not want to possess**. – user10216038 Mar 01 '21 at 00:04

2 Answers2

1

Found SD Card - Now What?

... I found an SD card at airport security.

Turn it in to the Airport lost-and-found. Or simply hand it to an agent at airport security and tell them you think someone lost it.

I'm getting the feeling this is a made-up scenario... why wouldn't you just turn the SD card over to security or lost-and-found immediately?

If your real question is whether or not there is "a safe way... to view the contents" there is no reason for you to couch the question in a made-up scenario.

hft
  • 4,910
  • 17
  • 32
-2

For what I know there is no software way to compromise your computer from this SD card as far as you are up to date and you didn't enable old settings like autorun, ...
But because 0 day are always possible, it could be better to read it from a Linux USB Live considering that a malicious person would probably target windows software.
Then using the GPS data of the exif is a good way to find the owner.

But, it could still exist a hardware risk: the SD card can be recognized as a keyboard and could execute commands and other creepy scenarios.
Using a dedicated machine not connected to your home network will be safer. It has to be a machine where you do not perform your daily tasks : browsing, emailing, netflixing, ...

I agree that the safest way is to give it to the lost and found of the airport.

Sibwara
  • 1,316
  • 7
  • 19
  • 4
    *"the SD card can be recognized as a keyboard and could execute commands and other creepy scenarios."* - I very much doubt this. A SD card is not a USB device which can provide a different USB class like HID than expected. You are confusing this with Bad USB attacks. – Steffen Ullrich Oct 01 '20 at 15:19
  • Because there not so much look about this kind of device, I suspected that some undocumented attacks should be possible and it would be safer to consider it as dangerous as USB devices. But you're right, I don't know a valid hardware attack through SD card – Sibwara Oct 02 '20 at 11:00
  • 2
    A SD card cannot be put into an USB slot but only into a SD card reader. It is more likely that a deliberately corrupted file system results in a kernel exploit. – Steffen Ullrich Oct 02 '20 at 11:13
  • 1
    What about using a USB hub that has an SD card slot? Does that change the likelihood of this? – Pheric Oct 02 '20 at 15:06
  • You can fall a victim of exploits in libraries like the one used to generate image previews. – nethero Oct 03 '20 at 12:39
  • @SteffenUllrich And kernel exploits through corrupted filesystems are a dime a dozen. – forest Jun 29 '21 at 02:17