2006 - 1,110 views, 1 Comment

Summary: There's been a lot in the news lately about computer viruses hiding on RFID chips. It all started when a group of researchers presented a paper this week, entitled "Is your cat infected with a computer virus?" The paper, written by three computer ...

Previous Article « Get Your Drugs Through WiFi! Wireless Technology Used to Deliver Drugs
Read Next Article » Computer Technician Busts Child Porn Enthusiast, and His Employer Gets Blasted for it!

There’s been a lot in the news lately about computer viruses hiding on RFID chips. It all started when a group of researchers presented a paper this week, entitled “Is your cat infected with a computer virus?”

The paper, written by three computer science researchers with Amsterdam’s Free University, detailed how the three researchers had successfully infected RFID chips with a computer virus, and had made the RFID chips a vector for that virus, meaning that they were able to pass the virus from the RFID chip to other computers.

“Everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software and certainly not in a malicious way. Unfortunately, they are wrong,” explained the paper.

Following their presentation, news outlets around the world reported about the threat of computer viruses spread by RFID, and experts chimed in.

“RFIDs with embedded computers are susceptible to basically all the same threats any other computers are. Unfortunately,” observed Mikko Hypponen of security firm F-Secure.

But not everybody thinks that this is a likely risk. For example, Ray Wagner, of the Gartner Group, says that “The likelihood of something like this occurring is extremely low at this point. I don’t expect some kind of RFID virus to appear in the wild anytime soon.”

However, it is not only possible, but, it seems, probably. It seems like the only question remaining is not “if”, but “when?”

The bottom line here, then, is that those who manufacture RFIDs should be thinking about building in some security (presently there is nothing such as a “secure RFID chip”), and sooner would be better.

Email the link for this page to a friend!

Read more:

» Abra Cadavera - a New Use for RFIDs

» U.S. Company Requiring Employees to Get Microchipped with RFIDs Injected into Their Arms!

» Follow-Up to RFIDs in Your Passports: Administration Just Says “No” to Privacy Protection Measures

» RFID Manufacturer Poo-poos Privacy Advocates, Ridicules Those with Concerns

For additional similar stories check out our archives on RFID, Virus & AntiVirus

1 Comment »

there are some misconceptions floating around about the RFID virus thing… the RFID tags only served as a storage/distribution medium, not unlike a floppy disk or USB flash drive… it’s the software that uses the data on the RFID tags that may be vulnerable to the types of attacks mentioned in that paper…

specifically, the paper points out that input validation bugs could allow for an arbitrary code execution vulnerability (and they just happened to use ‘viruses’ in order to demonstrate that fact)…

Comment by kurt wismer — 3/21/2006 @ 10:06 am

RSS feed for comments on this post.

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>