Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Is Non-USB Flash Direct From China Safe?

Posted by timothy on from the ask-all-its-previous-partners dept.

Dishwasha (125561) writes I recently purchased a couple 128GB MicroSDXC card from a Chinese supplier via Alibaba at 1/5th the price of what is available in the US. I will be putting one in my phone and another in my laptop. A few days after purchased, it occurred to me there may be a potential risk with non-USB flash devices similar to USB firmware issues. Does anybody know if there are any known firmware issues with SD or other non-USB flash cards that could effectively allow a foreign seller/distributor to place malicious software on my Android phone or laptop simply on insertion of the device with autoplay turned off?

5 of 178 comments (clear)

  1. Fake! by Anonymous Coward · · Score: 2, Insightful

    I would almost guarantee for that price it's a fake card. It's a pretty common practice. It's either smaller than it says (Try a write test for the full 128gb) or slower than stated etc. Assuming you have an android phone that has the unauthorized sources turned off by default I would think your relatively safe. I would not say it's not possible of an attack though. To my knowledge there is no such thing as autoplay on android.

  2. Click the Contact Supplier button by fat_mike · · Score: 3, Insightful

    Or search Google or better yet be lazy and do no research at all and then post a question on Slashdot!

  3. Not a security risk, but a fake risk by Jiro · · Score: 1, Insightful

    I would tend to agree with other people: There's really no risk that a SD card is a security problem in the same way that USB is, since it's just storage. However, there is a big risk that any SD card you buy through unusual channels, especially at a ridiculously low rate like 1/5 the price, is just a fake which will start overwriting your data after you get past 1G or 8G or whatever. I absolutely refuse to buy SD cards outside a major physical store chain.

  4. don't worry about it by frovingslosh · · Score: 5, Insightful

    Don't worry about it. If you got it through Alibaba it is almost certain to be a counterfeit card with the size and even brand name printed on failing rejected cards, and it will have no better chance of retaining malware than it will have of holding your own data. I know a couple of people who bought through Alibaba that this happened to.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  5. non-free formatter is risky by John_Sauter · · Score: 3, Insightful

    The SD Association has a special formatter which avoids this problem.

    Interesting that the special formatter is only available for Microsoft Windows and Apple Macintosh, and apparently only in binary form. Even if I had such a computer I would not be comfortable formatting my disk with non-free software. Who knows, it might be putting an encrypted child porn picture on a hidden part of the disk, exposing me to the risk of prosecution. No thanks.