My understanding of SD cards is that they dont have to negotiate a utility class like USB, they are identified only as storage by the OS, and their drivers only allow for that anyways.
On the other hand, USB can negotiate several classes for the same PID&VID, mostly the infamous HID class. The grand majority of USB attacks come from that unrestricted class negotiation allowed by the standard and most of them rely on the power of the HID class.
Does anyone know more about this? Is Linux safe from these USB attacks? What about OS X? I assume it's Windows that's most vulnerable?
I wasn't aware of this attack vector. I thought USB sticks were just treated as storage and nothing else. Seems like I was wrong.
Thanks for starting the discussion unamis76. Looks like I may have to start all over from scratch. Sigh. Isn't life fun?
USB storage vulnerabilities can be mitigated using virtualised OS's and IOMMU. I use Qubes OS, which is a ready-made implementation of that kind of configuration.