RFID & Viral Vulnerability

Arleo writes "Student Melanie Rieback and others, part of a Tannenbaum research group in Amsterdam, have proven that RFID-tags are vulnerable for infection with viruses. In a research paper titled "Is Your Cat Infected with a Computer Virus?" is shown how an altered RFID tag can be used to send a SQL injection attack or a buffer overflow. They describe on the rfidvirus.org website possible exploits of this types of viruses: from altering the backoffice of a supermarket to spreading RFID viruses by infected bags on airports."

Mighty If-fy

[Billosaur]

From rfidvirus.org: Here is where the trouble comes in. Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software, and certainly not in a malicious way. Unfortunately, they are wrong. In our research, we have discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be (intentionall) infected with a virus and this virus can infect the backend database used by the RFID software. From there it can be easily spread to other RFID tags. No one thought this possible until now. Later in this website we provide all the details on how to do this and how to defend against it in order to warn the designers of RFID systems not to deploy vulnerable systems.

So to sum up, if some programmer doesn't do his/her job, the RFID tag they plan on implanting in our passports could be used as delivery devices to compromise computer systems around the globe.

I'm going to rate this a pretty big if, though, as we know from all the patching going on, the probability is very high. RFID software is going to have to be thoroughly tested and watched like a hawk. Undoubtedly there's going to come a point where if one or two of these viruses get out and something newsworthy happens (airport computers crash, Citigroup gets credit card data stolen, etc.), the whole idea of RFID tags everywhere is going to get a serious black eye.

Re:Bright Future for RFID malware.

[gutnor]

I imagine the bright future ...

I'll have too explain my dad to not to download whatever crap on internet, never reply yes when a crap want to install something without asking me first and now ...
I need to ask him to check the ServicePack version on his six-pack and explain him that bringing russian vodka home can wipe out his harddisk when he turns the TV on?

Re:My question is why?

[karnal]

My company is currently trying to work towards a whole-house RFID setup (we sell consumer products.)

Problems we've had (in talking with the engineers):

1. Our product is in metal containers (within cardboard). Bad for RFID.
2. Placement is CRITICAL. Especially in a plant environment, you need to know where the RFID tag is so you can read and write it quickly; in addition to minimizing #3
3. Outside RF. We've had instances to where in a test lab, we can read and write and verify the write within 80ms, as a box is cruising by on the conveyor. Once we transition to the plant, however, it gets a little more shaky, as you have less control over where the conveyor motor is, more flourescent lights, and oh yea, there's still those damn metal cans.

RFID has a long way to go from what I've been told by our engineers. It's not as dead simple as you might think -- of course, for handheld scanners though, which require human intervention - may be 10 times easier since humans can modify the environment to see fit on the fly.

Not pure FUD, just facts.

[Vo0k]

Except these dimwits DO treat RFIDs as trustable.
Not 'evil', just dumb. RFID reader is an insecure input device like any other, and you don't even need physical access to use it. But it seems nobody thought of preparing a barcode that could crash the cash register, recording a magnetic card that would infect the security system, etc. Some devices are thought to be too simple to mean danger - wrongly. I remember some old Atari games that would crash or misbehave if you'd open the joystick and pressed "left" and "right" simultaneously. I burnt electronics of a RC toy car by telling it to go forward and back at the same time. Got a motorbike to run backward by starting the engine by pushing it backwards. Managed to crash my cell phone by buffer overflow at battery load level sensor (it WAS a software failure!) Got a CD tray to stop halfway by simultaneously pressing the eject key and sending eject commands from the computer.

A toggle switch can be ballanced in the middle position. A pushbutton can be softly pressed make a spark-gap. Unconnected lines can be shorted. Even a single-bit input device cannot be trusted.