Personal Tech Pipeline | RFID Tags Can Carry Viruses - Researchers

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

March 15, 2006

RFID Tags Can Carry Viruses - Researchers

Courtesy of TechWeb News

Page 1 of 2

Radio frequency identification tags (RFID) can be used to spread computer viruses and attack middleware applications and the databases behind them, a group of Netherlands-based scientists said Wednesday.

At an IEEE' conference on pervasive computing in Pisa, Italy, Melanie Rieback, a third-year PhD student at Amsterdam's Vrije Universiteit, presented a paper that outlined the threat to RFID systems and laid out how the small amount of memory in a tag -- in some cases as little as 128 bytes -- could be used to corrupt databases.

RFID tags have been promoted as a more efficient and economical way of tracking products -- from manufacturers to end-users -- and have been thought to be immune from such hacks.

Not so, said Rieback, a U.S. citizen who has studied in the Netherlands for the past five years. "This is a real threat, and it's going to be a larger threat if it's not taken care of," she said Wednesday after presenting her paper "Is Your Cat Infected with a Computer Virus?"

Once a hacker has created a miniature virus -- and perhaps planted a malicious tag on a product in store -- the attack begins as soon as the RFID tag is scanned. Attacks on middleware and the back-end databases, she said, could take the form of buffer overflows, code insertions, and SQL injections (a type of specialized code insertion that tricks a database into running SQL code).

To combat such attacks, middleware and database creators -- including big names like Oracle and SAP -- must harden their products to account for viral infections.

"We wanted to get the message out," she added. "Now they have warning."

Viruses could spread from tag to database, then to other tags in settings where RFID chips are written to, leading to scenarios where one incoming malicious tag leads to a factory sending out millions of infected chips to its customers.

"There are real-world consequences here," said Rieback. "Some car plants use tags on chassis to identify what color the car is to be painted. If a virus instructs the database to write tags that tell [the machinery to] switch colors, you're talking about destroying cars."

Andrew Tanenbaum, Rieback's supervising professor at Vrije Universiteit, had even more dire attacks in mind.

E-mail This Story
Print This Story
Reprint This Story

Page 2: next page

Page 1 | 2

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
Unleash the Power & Opportunity of Grid Computing
Experts will identify trends in grid computing, provide
examples and examine solution options.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

Transform your IT infrastructure with IBM
Successful CIOs see IT as a prime stimulus for business innovation-and themselves as key participants in a process that develops business and IT strategies in concert. Read an executive summary and register to download the full IBM paper.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

EMC SAN helps El Camino deliver superior service
EMC CLARiiON and Centera systems are helping El Camino Hospital provide better patient care. The hospital can quickly and effortlessly monitor, modify, and protect the availability of its entire storage environment while saving money ($150,000)

SEC & HIPAA IM Compliance
Satisfy regulatory and compliance requirements for instant messaging.

Secure & Easy Console Management with Digi CM
The Digi CM console server provides secure, intelligent & easy access to network devices with a serial console port. With Digi CM, you can securely monitor & control servers, routers, switches & other devices even when your network is down.

Buy a Link Now

Top ten search terms from the TechWeb TechEncyclopedia
Stellent eSeminar "Approaches to Metadata Design" on March 23
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia