RFID & Viral Vulnerability

Arleo writes "Student Melanie Rieback and others, part of a Tannenbaum research group in Amsterdam, have proven that RFID-tags are vulnerable for infection with viruses. In a research paper titled "Is Your Cat Infected with a Computer Virus?" is shown how an altered RFID tag can be used to send a SQL injection attack or a buffer overflow. They describe on the rfidvirus.org website possible exploits of this types of viruses: from altering the backoffice of a supermarket to spreading RFID viruses by infected bags on airports."

Re:Virus? I think not.

[TripMaster+Monkey]

If the SQL injection or buffer overrun instructs the middleware system to overwrite all RFID tags subsequently scanned with the exploit code, that's pretty self-replicating, isn't it?

Re:My question is why?

[karnal]

My company is currently trying to work towards a whole-house RFID setup (we sell consumer products.)

Problems we've had (in talking with the engineers):

1. Our product is in metal containers (within cardboard). Bad for RFID.
2. Placement is CRITICAL. Especially in a plant environment, you need to know where the RFID tag is so you can read and write it quickly; in addition to minimizing #3
3. Outside RF. We've had instances to where in a test lab, we can read and write and verify the write within 80ms, as a box is cruising by on the conveyor. Once we transition to the plant, however, it gets a little more shaky, as you have less control over where the conveyor motor is, more flourescent lights, and oh yea, there's still those damn metal cans.

RFID has a long way to go from what I've been told by our engineers. It's not as dead simple as you might think -- of course, for handheld scanners though, which require human intervention - may be 10 times easier since humans can modify the environment to see fit on the fly.

You almost have to be an insider FIRST

[Goldenhawk]

A lot of good comments have already been made here, but I'm surprised nobody has commented yet on something that seems obvious: if you're going to hack into a system, you have to know a little bit about the system first. You can't simply design some buffer overflow exploit and trust it will "hack" the back-end system. That seems awful "Independence Day"-ish - you know, writing a virus here on Earth that somehow magically attacks and shuts down an alien computer system. Makes for exciting movies (if you're not minimally smart about computers) but it never works in the real world.

In this case, it seems to me that if you know enough about both ends of the process, sure, you can develop some method to penetrate the system. Most malware authors have the benefit of working on a very well-known platform - the Windows PC - with known software (one of the limited numbers of email or browser programs). But attacking a back-end system like this is a much more dicey proposition - each large corporation probably will have its own back end, and may be running any of a dozen OS-and-database combinations.

So to benefit from this attack, it seems to me that the author has to be an insider to stand a ghost of a chance of success. If he's an insider, there are MUCH easier ways to penetrate the system.

As a result, while I have great concerns about RFID, this strikes me as FUD.
1) Develop complicated, application-specific RFID attack that would never be real-world useful
2) Write research paper spreading more fear about RFID
3) PROFIT! (or at least get a lot of attention)