{
	"id": "61c9a40e-09f7-42f1-b58e-07784ce45376",
	"created_at": "2026-04-06T00:21:18.622792Z",
	"updated_at": "2026-04-10T03:21:26.561405Z",
	"deleted_at": null,
	"sha1_hash": "950c2128c8c4bf3c92db74f1f0252b03bfbe8f49",
	"title": "STA-41 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35442,
	"plain_text": "STA-41 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 13:40:27 UTC\r\nMobile Threat Catalogue\r\nUnauthorized Disclosure of SD Card Data\r\nContribute\r\nThreat Category: SD Card\r\nID: STA-41\r\nThreat Description: Unauthorized access to data stored on an attached SD card may have multiple causes.\r\nVulnerabilities in the microcontroller integrated into the SD card itself may allow a crafted app to access arbitrary\r\nmemory locations. Further, apps may store data on an attached SD card in locations readable by any app with\r\npermission to access an attached SD card. Additionally, as removable media, SD cards can be mounted to devices\r\naccessed by operating systems or applications that may ignore or explicitly bypass any security information (e.g.\r\nfile permissions) applied to stored data.\r\nThreat Origin\r\nOn Hacking MicroSD Cards 1\r\nExploit Examples\r\nCVE Examples\r\nCVE-2014-7259\r\nCVE-2014-1566\r\nCVE-2014-1969\r\nPossible Countermeasures\r\nMobile Device User\r\nConfigure the mobile device to encrypt data stored on an attached SD card.\r\nIf sensitive data is to be stored on or processed by an SD card, use a distinct SD card for each security context\r\n(e.g. business and personal) to limit the potential for data leakage between them via common use of an attached\r\nSD card.\r\nOn Android devices running 5.0 or later, do not grant access to the SD card to untrusted apps.\r\nRemove any attached SD card when not in use.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-41.html\r\nPage 1 of 2\n\nWhen not in use, secure SD cards storing sensitive data with strong physical security controls.\r\nEnterprise\r\nDeploy MAM or containerization solutions that support policies that can enforce strong encryption on any data\r\nstored on the SD card by trusted apps\r\nDeploy MAM or containerization solutions that support policies that can restrict access to the SD card by\r\nuntrusted apps.\r\nUse app-vetting services to determine if any apps present in your mobile device deployment store data on or\r\naccess an SD card in an untrusted manner so appropriate policies and controls can be established to mitigate those\r\nrisks.\r\nReferences\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-41.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-41.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-41.html"
	],
	"report_names": [
		"STA-41.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434878,
	"ts_updated_at": 1775791286,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/950c2128c8c4bf3c92db74f1f0252b03bfbe8f49.pdf",
		"text": "https://archive.orkl.eu/950c2128c8c4bf3c92db74f1f0252b03bfbe8f49.txt",
		"img": "https://archive.orkl.eu/950c2128c8c4bf3c92db74f1f0252b03bfbe8f49.jpg"
	}
}