Laptops that support SD Express memory cards may be vulnerable to attacks through their card readers due to the direct memory access (DMA) function, warn specialists from the Russian cybersecurity company Positive Technologies. Devices with such card readers are already present in Lenovo's premium ThinkPad laptop line and MSI gaming models.
The SD Express standard emerged in 2018 to handle the increasing volumes of photo and video data. Card readers for these cards connect to the computer's PCIe bus, providing high-speed data exchange with direct memory access, bypassing the processor. Although devices supporting this standard are currently few, experts believe that the technology will become popular in the coming years and will find application in mass-market devices such as computers, video cameras, and smartphones.
The danger lies in the fact that hackers can use the SD Express card reader to connect to the PCIe bus and conduct DMA attacks. This allows them to load data directly into the laptop's memory, as well as read and edit it at high speed. Such attacks give attackers the ability to inject malicious code into programs, extract encryption keys, passwords, disable protective mechanisms, and perform other actions. However, physical access to the device is required to carry out such attacks.
The DMA mode, used for accelerated data exchange, operates without the involvement of the central processor, which offloads it and increases the speed of operations. However, as Positive Technologies specialists emphasize, this functionality simultaneously opens a new vector for attacks that can be exploited by attackers.