Is a found SD card safe to use after formatting it with a DSLR?

So my father found an SD card and naturally, I advised him not to put it into his computer as there could be all sorts of viruses on it. However, I'm wondering about a solution that might make the card safe to use.

In my Canon DSLR, there's an option to low-level format any inserted SD card. According to this source, the low-level format actually wipes all data and essentially resets the partition. So, will this low-level format wipe all viruses that might be on that card? And is it safe to insert the card into my camera? I assume though, as I find it pretty unlikely that any virus that someone has planted on that card will work on the OS of a DSLR.

MoritzLost

Posted 2016-11-09T11:09:14.670

Reputation: 609

You may find this interesting http://superuser.com/questions/393027/can-a-virus-on-a-flash-drive-run-itself-without-autorun

– Dave – 2016-11-09T11:14:50.907

Turn off automatic card execution (autorun.inf) and you are safe to use it. In Windows this is possible and no software will run from the card. On Linux the same way. – pbies – 2016-11-09T17:51:04.460

You/he should hand it in to the police. Maybe it contains photos of sentimental value to someone. – Andrew Morton – 2016-11-09T18:28:36.290

Answers

While it may or not be safe, consider asking yourself how much is the trouble worth? If it's more than the cost of a new SD card, you're better off chucking that one in the bin and buying a new one.

No, files generally can't just execute themselves, and generally can't exist beyond a low level format

BUT

It's possible that there is some exploit that you/we don't yet know about which does exist in maybe the partition table of the SD card, or similar.

djsmiley2k TMW

Posted 2016-11-09T11:09:14.670

Reputation: 5 937

Yeah that's what I'd do as well. I don't even need that 4 GB card. BUT if there's a safe way to make sure it can't do any harm, why not. Also maybe the next one I find will be a SanDisk 64GB Extreme, I'd want to keep that. So the question is not really about that card specifically, but more about the general concept. – MoritzLost – 2016-11-09T12:57:41.320

1@MoritzLost Fair enough - for a device which you never insert into anything else, you maybe safe. But it's one of those unknown things where you need to consider if you think the risk is worth it. Most of the time a format is enough. – djsmiley2k TMW – 2016-11-09T13:00:25.503

2A partition table is just a table (of data). So unless there's an exploitable flaw in your OS's partition table reader, that's not a code-execution vector. (I'm not claiming that your OS doesn't have a flaw - you should inspect its source code and judge for yourself! Integer overflow bugs seem the most likely possibilities, but perhaps worth looking to see if there's anything on the [security.se] site) – Toby Speight – 2016-11-09T18:24:44.307

Unlike USB, an SD card is block-oriented storage, so connecting it to your system is roughly equivalent to adding a SCSI, SATA or IDE disk. It can't pretend to be a non-storage device, so BadUSB attacks are not possible.

This means the attacks it can perform require the user or OS to be tricked into running stored code - see Can a virus on a flash drive run itself?.

I'd still shy away from entrusting my precious photos to media of unknown provenance - but more due to the risk of data loss from a card that is excessively used, or has been exposed to harsh environments (temperature, radiation, whatever).

Toby Speight

Posted 2016-11-09T11:09:14.670

Reputation: 4 090