Computer Knowledge - RFID May be Able to be Attacked

Search this site or the Internet.

Hot Topics

Please see the CKnow Home Page for a list of current hot topics.

Hot Utilities

Utilities that may help you...

Registry Booster [more]
Free registry scan.
WinBackup 2 Standard [more]
A full backup solution.
SpeedUpMyPC [more]
Auto maximize performance.
WinTasks 5 Professional [more]
Protect against security threats.
Registry Mechanic [more]
Registry clean, repair & optimize.
Spyware Doctor [more]
Three-way spyware protection.
Video Professor [more]
A FREE* lesson on CD or on-line.
Associate This [more]
A file extension manager.
TrID [more]
Identify hundreds of file types!
Free Tech Magazines [more]
No charge. No catch. No kidding.

Notes

DewaHost offers premium Web hosting service starting from $8.95/month and a high speed file hosting service - FileBurst!

CKnow does NOT spam.
E-mail is easily forged.

RFID May be Able to be Attacked

In an interesting twist on what many thought impossible, InfoWorld today (15 Mar 2006) reported that researchers had created proof-of-concept RFID self-replicating software. Researchers at Vrije Universiteit Amsterdam in the Netherlands presented a paper at a conference in Pisa, Italy indicating that RFID tags have several characteristics that could be engineered to exploit vulnerabilities in middleware and back-end databases.

While vendors have said that the memory on RFID chips is too small to hold malware (some hold as little as 114 bytes of information), the professor of a Master's student indicated that it took the student about four hours to write a virus that fit on an RFID tag (probably a larger tag than the 114 byte one -- the article did not say).

To be clear, this was a proof-of-concept development; it was not designed to teach others how to exploit current designs. But, it did indicate that care must be taken when writing the middleware that stands between the tag and the back-end database. Most exploits that might be expected for any malware written to attack RFID tags could be expected to be some sort of database attack which would include injection and buffer overrun attacks.

Consider a "what if" should an infected RFID tag be placed onto a piece of luggage traveling through an airport. As it passes through various readers the software in the tag makes its way through a middleware flaw into the main database. Once there on the server, the software can expand by calling other parts from other servers to create a larger entity. Backdoors can be installed and then exploited. You guess where it could go from there.

Understand, this article is not indicating that the world is about to come to an end or even that tomorrow some RFID malware will be released onto the world. It's just to indicate that it is possible to write such malware and so anyone writing any code that will serve as middleware between an RFID tag and a database server needs to take every precaution to make certain there are no exploitable holes in that code.

Just another thing to watch out for.

More Information

Last Changed: Wednesday, March 15, 2006
Navigation: Computer Knowledge Home :: News :: Security :: RFID May be Able to be Attacked