this post was submitted on 29 Dec 2023
83 points (98.8% liked)
Asklemmy
43807 readers
900 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
We're talking about an sd card here. The absolute majority of these attacks only work with USB drives.
And the rest either don't make sense or make use of a 0day, which, as I've already said, is inconceivable
How do you read a SD card? I usually put it in my SD card reader which is USB.
The SD card is still speaking SD protocol, the card reader bridges between USB and SD.
This only works with USB sticks because they're plugged on directly over USB and you don't know whether it'll present itself as a storage device or as a keyboard that immediately starts typing stuff and running a bunch of commands.
The risk is not the flash storage part, it's the USB interface.
But I don't think OP is saying the package came with an sd card reader as well that they used