A critical vulnerability in SD Express memory cards, called DaMAgeCard, has been uncovered, enabling attackers to exploit the PCIe interface for direct access to system memory. Discovered by Positive Technologies, this flaw can potentially give attackers unauthorized access to system memory, bypassing typical software defenses.
The DaMAgeCard exploit leverages the PCIe interface within SD Express memory cards to perform Direct Memory Access (DMA) attacks. By exploiting the privileged access that PCIe provides, attackers can bypass traditional software-based security mechanisms such as antivirus programs or OS-level protections. Once connected to a vulnerable system, the compromised SD Express card can directly interact with the system’s memory.
This allows attackers to inject malicious code, extract sensitive information such as passwords or encryption keys, or manipulate the system’s operations undetected. The attack’s stealth stems from its operation at a hardware level, making it difficult for standard defenses to identify or block the exploit. The vulnerability is exacerbated by the lack of widespread implementation of hardware-level security measures, such as Input-Output Memory Management Units (IOMMUs), which could isolate and secure memory access.
Since DMA attacks bypass the CPU, they operate stealthily, making them particularly dangerous for devices prioritizing speed and performance over advanced hardware protections.
The vulnerability impacts any device using SD Express, including laptops, gaming consoles, cameras, and tablets. Handheld gaming consoles, which rely on SD Express for high-speed performance, are particularly vulnerable due to their popularity and widespread use. Moreover, this flaw opens the possibility of supply chain attacks, where malicious SD Express cards could be distributed to unsuspecting consumers.
To protect systems from DaMAgeCard and other DMA-based vulnerabilities, Positive Technologies recommends implementing several key security measures:
- Enable IOMMU: Ensure that Input-Output Memory Management Units (IOMMUs) are activated on all PCIe-capable devices. This adds an additional layer of isolation by managing and restricting direct memory access.
- Restrict DMA privileges: Configure systems to grant direct memory access only to verified and trusted devices, preventing unauthorized hardware from exploiting DMA capabilities.
- Keep firmware updated: Apply the latest firmware updates to devices. Updates may include features like secure transitions between SDIO and PCIe modes or mechanisms that validate SD Express cards through cryptographic signatures before allowing DMA operations.
- Disable hotplugging: If not required for operations, disable the ability to connect new devices while the system is running. This mitigates risks from untrusted devices being plugged in to execute an attack.
- Avoid unknown devices: It is best to stay away from using unfamiliar SD cards or external memory readers with sensitive systems, as these may be tampered with or designed to exploit vulnerabilities.
- Regular device inspections: In environments where devices are shared or left unattended, regularly inspect hardware for signs of tampering or unauthorized modifications.
The discovery of DaMAgeCard highlights a broader concern in hardware development: the balance between performance optimization and robust security measures. As PCIe technology becomes more common in consumer electronics, similar vulnerabilities could emerge, exposing users to potential attacks.