Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Is Non-USB Flash Direct From China Safe?

Posted by timothy on from the ask-all-its-previous-partners dept.

Dishwasha (125561) writes I recently purchased a couple 128GB MicroSDXC card from a Chinese supplier via Alibaba at 1/5th the price of what is available in the US. I will be putting one in my phone and another in my laptop. A few days after purchased, it occurred to me there may be a potential risk with non-USB flash devices similar to USB firmware issues. Does anybody know if there are any known firmware issues with SD or other non-USB flash cards that could effectively allow a foreign seller/distributor to place malicious software on my Android phone or laptop simply on insertion of the device with autoplay turned off?

6 of 178 comments (clear)

  1. Make you sure you can read and write every bit by kimgkimg · · Score: 5, Informative

    You'll want to check to make sure you are actually getting a 128GB card. I've gotten a couple of fake flash drives and cards over the years which report the proper capacity and will even format, but when you try to write actual data to the device you end up with corrupt files. If the price is too good to be true, it generally is, so I don't buy cards or sticks from vendors that I can't return anymore. Use H2TESTW to test the speed and capacity of your flash card/device: http://forums.sandisk.com/t5/S...

  2. Re:Nope. by Anonymous Coward · · Score: 5, Informative

    He was asking about firmware. Formatting the SD card will not do anything to the firmware.

  3. Re:Probably fake cards, actually by Megane · · Score: 4, Informative

    I think it's funny that he's worried about being pwned by the flash card firmware (answer: you can't, it's not a generic interface like USB that can be keyboards, mice, network cards, etc. on a whim), and not about being cheated by the old "1GB card that claims to be 4GB" scam.

    Anyhow, here are some relevant links:
    http://www.bunniestudios.com/b...
    http://www.bunniestudios.com/b...

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  4. Re:Ditto by sexconker · · Score: 3, Informative

    SDHC only goes up to 32 GB, so that should have been your first clue. Happened to my dad, too.

  5. Alibaba has a long way to go by Anonymous Coward · · Score: 2, Informative

    I got a counterfeit USB stick from Aliexpress and gave the item a one star review. The company actually called me up the next night - or should I say morning (3 AM), telling me that they understood the time difference and that they would continue to call me at that time every day until I changed my review.

    I will never deal with Aliexpress again. Aliexpress never replied to my complaint. I will stick with something that realizes the importance of reputation.

  6. Re:don't worry about it by resfilter · · Score: 5, Informative

    oh dear god dont write over the protected area! ...

    it's used for some specialized keys for some rarely used version of DRM. so if you have a CPRM "protected" file on the sd card, then.. you know.... "accidently" give the file to someone else, they'll lack the decryption keys (since they're stored outside of the filesystem by the program that wrote the file to the flash card) and the file will be useless.

    http://en.wikipedia.org/wiki/C...

    it's another one of those things that attempts to relabel yet another "generic binary storage device" as a "specialized media holder to assist content protection", and you should actually go out of your way to destroy this "protected area" instead of carefully avoiding damage to it.

    it's totally safe to write over this "protected area" and use it for your own data, and it's rare to run into programs that actually use CPRM for protection against distribution (although they probably do exist, why would you use such a thing?).

    that's probably why you've never heard of it or noticed writing over it.