Domain: rfidvirus.org
Stories and comments across the archive that link to rfidvirus.org.
Comments · 6
-
Who wants to be a kabillionaire
Snippet... you just run your credit card through a reader built into the table (or, when RFID cards have become the norm, just slap your card on the tabletop) and your new phone is paid for. And the casinos are looking into this to? I guess some black/grey hatters will be heading over to http://www.rfidvirus.org/ in pre-anticipation of those Texas Hold-em games...
-
Re:proof of concept RFID virus
Here http://en.wikipedia.org/wiki/RFID#Viruses is a nice little bit, and a link to the original article. http://arstechnica.com/news.ars/post/20060315-638
6 .html
ArsTechnica links to http://www10.nytimes.com/2006/03/15/technology/15t ag.html?_r=5&th&emc=th&oref=slogin&oref=slogin&ore f=slogin&oref=slogin and to the real original webpage http://www.rfidvirus.org/index.html
Basically, it uses buffer over flows to insert nasty code into a computer. The RFID chips contain the code and when read exploit problems in the reader. You can use commercially available tools to write your own RFID chips. Have fun. -
Re:"The" Andrew S. Tannenbaum
A previous Tanenbaum's paper about RFID virus: http://www.rfidvirus.org/papers/percom.06.pdf (also check the main site)
And a good presentation of RFID and its security: http://www.cs.wustl.edu/~jain/cse574-06/ftp/rfid/i ndex.html -
Re:read only
"So a specially-crafted RFID tag could cause code to execute on a vulnerable RFID reader. That's not a virus. But if this code causes the RFID reader to begin writing copies of the bad data to tags, then we have a virus."
The real article (not the lame BBC article) describes how to construct a self-replicating virus that copies itself to RFID tags as they are written. They also describe how to create RFID worms. The attack vectors are basically SQL injection, cross-site scripting, and buffer overflows.
-
The full article -- it's legit
There is a PDF and also a complete discussion at http://www.rfidvirus.org/virus.html, breifly outlining "Replication Using Self-Referential Queries" and "Replication Using Quines".
For example,
Database systems usually offer a way to obtain the currently running queries for system administration purposes. However, these functions return queries as an normal string, which makes it possible to store them in the database, thereby replicating the query.We have developed two versions of the virus, one that is contained in a single query, and one the requires multiple queries. The virus using a single query requires less features from the database, but cannot carry SQL code as a payload. The virus using multiple queries requires a database that supports this, but it does allow SQL code as a payload.
Details on the virus using self-referential queries can be found athttp://www.rfidvirus.org/exploits/sql_self/inde
x .html -
No expects an RFID tag to send a SQL injection...From the real paper: "No one currently expects an RFID tag to send a SQL injection attack or a buffer overflow."
I think the point of the research is that many RFID tags are read by closed or theortically isolated systems like inventory control devices and pet identity scanners that probably have not been examined for the kinds of vulnerabilities that we (theoretically) look for Internet accessible servers.
While we have a mediocre system for updating Internet-based applications in the face of vulnerabilties, the prospect of updating piles of non-Internet accessible devices is indeed an issue.