{"id":3361,"date":"2018-07-16T00:00:55","date_gmt":"2018-07-16T07:00:55","guid":{"rendered":"http:\/\/192.168.3.4\/?p=3361"},"modified":"2018-07-27T20:35:55","modified_gmt":"2018-07-28T03:35:55","slug":"microsd-security","status":"publish","type":"post","link":"https:\/\/www.cloudacm.com\/?p=3361","title":{"rendered":"microSD Security"},"content":{"rendered":"<p>Many single board computers and mobile devices use microSD media as their primary data storage.\u00a0 However, microSD media is also used in cameras, security systems, and other small devices that handle large quantities of data.\u00a0 The security of this media format is often overlooked.<\/p>\n<p>In this post, we&#8217;ll look at some history around the topic of microSD security and its implications.\u00a0 I&#8217;ll also be covering some basic concepts of securing microSD media.<\/p>\n<p><a href=\"http:\/\/192.168.3.4\/wp-content\/uploads\/2018\/07\/Memory-cards-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3381 size-large\" src=\"http:\/\/192.168.3.4\/wp-content\/uploads\/2018\/07\/Memory-cards-1-1024x512.jpg\" alt=\"65 percent of resold memory cards still contain data lack of security\" width=\"640\" height=\"320\" srcset=\"https:\/\/www.cloudacm.com\/wp-content\/uploads\/2018\/07\/Memory-cards-1-1024x512.jpg 1024w, https:\/\/www.cloudacm.com\/wp-content\/uploads\/2018\/07\/Memory-cards-1-300x150.jpg 300w, https:\/\/www.cloudacm.com\/wp-content\/uploads\/2018\/07\/Memory-cards-1-768x384.jpg 768w, https:\/\/www.cloudacm.com\/wp-content\/uploads\/2018\/07\/Memory-cards-1-540x270.jpg 540w, https:\/\/www.cloudacm.com\/wp-content\/uploads\/2018\/07\/Memory-cards-1.jpg 1200w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>MicroSD media is an extremely small form factor data storage device.\u00a0 It measures 15\u00d711\u00d71 mm, this makes is suitable for use an most mobile devices.\u00a0 It was first introduced in 2005 and is projected to remain on the market well into 2022, largely from the introduction of IoT and smart systems (references <a href=\"https:\/\/en.wikipedia.org\/wiki\/Comparison_of_memory_cards\">1<\/a> and <a href=\"https:\/\/www.persistencemarketresearch.com\/market-research\/secure-digital-memory-cards-market.asp\">2<\/a>).<\/p>\n<p><iframe style=\"width: 120px; height: 240px;\" src=\"\/\/ws-na.amazon-adsystem.com\/widgets\/q?ServiceVersion=20070822&amp;OneJS=1&amp;Operation=GetAdHtml&amp;MarketPlace=US&amp;source=ac&amp;ref=tf_til&amp;ad_type=product_link&amp;tracking_id=cloudacm-20&amp;marketplace=amazon&amp;region=US&amp;placement=B06XWJM2FV&amp;asins=B06XWJM2FV&amp;linkId=1f8b9dea1250f1245bfdb24ec449f546&amp;show_border=true&amp;link_opens_in_new_window=true&amp;price_color=333333&amp;title_color=0066c0&amp;bg_color=ffffff\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><br \/>\n<\/iframe><\/p>\n<p>Because of its small size and low cost, physical security is a challenge.\u00a0 The media is prone to disposal without regard to security.\u00a0 Used media is often resold on the market, which potentially makes the data stored on them accessible by third parties.\u00a0 The devices that use the microSD media are also a challenge to secure.\u00a0 Cell phones are one example and loss or theft of these devices is in the millions per year (reference <a href=\"https:\/\/www.consumerreports.org\/cro\/news\/2014\/04\/smart-phone-thefts-rose-to-3-1-million-last-year\/index.htm\">3<\/a>).<\/p>\n<p><iframe loading=\"lazy\" title=\"POLICE CAM CATCH MOPED PHONE THEIF Who STOLE 21 MOBILE PHONE Then TRYS ESCAPE Through CROWDED MARKET\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/_vZc-H6FBbU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>A proven method of physically securing any media is to physically destroy it.\u00a0 MicroSD media can be easily destroyed by cutting the card with household nail cutters.\u00a0 However, this is often overlooked because the storage media is mistakenly seen as part of the larger device that contains it, which is disposed of without regard to security.<\/p>\n<p>In the event of loss or theft, physical destruction is not practical, mainly due from the intended and continued use of the storage.\u00a0 To prevent access, data encryption should be used which will make it less likely for a third party to access the contents of the microSD media.\u00a0 Unfortunately most users will not have the technical knowledge to enable encryption and will typically use a device default settings.<\/p>\n<p><a href=\"http:\/\/192.168.3.4\/wp-content\/uploads\/2018\/07\/Andriod-Encrypt-SD-Card.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3375 size-full\" src=\"http:\/\/192.168.3.4\/wp-content\/uploads\/2018\/07\/Andriod-Encrypt-SD-Card.jpg\" alt=\"Android Encrypt SD card security\" width=\"247\" height=\"377\" srcset=\"https:\/\/www.cloudacm.com\/wp-content\/uploads\/2018\/07\/Andriod-Encrypt-SD-Card.jpg 247w, https:\/\/www.cloudacm.com\/wp-content\/uploads\/2018\/07\/Andriod-Encrypt-SD-Card-197x300.jpg 197w, https:\/\/www.cloudacm.com\/wp-content\/uploads\/2018\/07\/Andriod-Encrypt-SD-Card-177x270.jpg 177w\" sizes=\"auto, (max-width: 247px) 100vw, 247px\" \/><\/a><\/p>\n<p>To compound matters, some devices will not work with encrypted media, such as data loggers, gps modules, or embedded DVRs.\u00a0 Even the RPi doesn&#8217;t seem to provide a streamlined one stop shop when it comes to full media encryption (reference <a href=\"https:\/\/www.raspberrypi.org\/forums\/viewtopic.php?f=41&amp;t=6225\">4<\/a>).\u00a0 However, in defense of the RPi, the underlaying Linus OS does offer user folder encryption, which is better than nothing.<\/p>\n<p>Even with what appears to be encryption of the microSD media may in fact not be.\u00a0 The hardware inside the microSD is a range of many microscopically etched devices, namely a microcontroller.\u00a0 This sub device hardware introduces an unseen security risk that will simply baffle the general public (reference <a href=\"https:\/\/www.bunniestudios.com\/blog\/?p=3554\">5<\/a>).\u00a0 Here is a link to a presentation on the subject.<\/p>\n<p>https:\/\/youtu.be\/r3GDPwIuRKI<\/p>\n<p>The microSD media is not immune to the ease at which data duplication can occur.\u00a0 Momentary unauthorized physical access to a microSD card can go undetected.\u00a0 Devices that replicate the data are inexpensive and provide a way to make a copy of the microSD media in the field.\u00a0 These procedures are typically used for legal purposes, such as preserving evidence for court proceedings.\u00a0 The same is true for research, as in the recent paper published on microSD media security (reference <a href=\"https:\/\/www.comparitech.com\/blog\/vpn-privacy\/secondhand-memory-card-study\/\">6<\/a>).<\/p>\n<p>The bottom line is data contained on microSD media is insecure and will remain so until that media is physically destroyed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many single board computers and mobile devices use microSD media as their primary data storage.\u00a0 However, microSD media is also used in cameras, security systems, and other small devices that handle large quantities of data.\u00a0 The security of this media format is often overlooked. In this post, we&#8217;ll look at some history around the topic of microSD security and its implications.\u00a0 I&#8217;ll also be covering some basic concepts of securing microSD media. MicroSD media is an extremely small form factor&#8230;<\/p>\n<p class=\"read-more\"><a class=\"btn btn-default\" href=\"https:\/\/www.cloudacm.com\/?p=3361\"> Read More<span class=\"screen-reader-text\">  Read More<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,3],"tags":[],"class_list":["post-3361","post","type-post","status-publish","format-standard","hentry","category-raspberry-pi","category-rd"],"_links":{"self":[{"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/posts\/3361","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3361"}],"version-history":[{"count":28,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/posts\/3361\/revisions"}],"predecessor-version":[{"id":3421,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/posts\/3361\/revisions\/3421"}],"wp:attachment":[{"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}