Slashdot Mirror

← Back to Stories (view on slashdot.org)

Virus Jumps to RFID

Posted by ryuzaki0 on

MrShaggy writes "According to a BBC article, researchers have been able to make the jump between RFID tags and viruses. They found that the mere act of scanning a mere 127 bytes could cause an attack vector that would corrupt databases. From the article;'"This is intended as a wake-up call," said Andrew Tanenbaum, one of the researchers in the computer science department at Amsterdam's Free University that did the work revealing the weaknesses on smart tags. "We ask the RFID industry to design systems that are secure," he said.'"

3 of 109 comments (clear)

  1. Erm by LordPhantom · · Score: 4, Informative

    2 words - Input Validation

    This article can be summed up in the following sentance:

    OH NO! Anyone can put ANYTHING on a tag that might be read by database software! Horrors!

    C'mon people, this is basic data security 101 - never trust inputs without validation. This isn't a problem with insecure tags, it's a problem with import software/database code.

  2. Re:FUD? by LiquidCoooled · · Score: 5, Informative

    If the tag data is expected to be an alphanumeric code to represent the customer: Slashdot_LiquidCoooled_634315

    this can be used (incorrectly) to produce a raw piece of SQL:

    select * from Customers where Code='Slashdot_LiquidCoooled_634315'

    if that code contains quotes and they are not being handled correctly then it is certainly possible to corrupt the database.

    Suppose my RFID was programmed with something like this and it was not being validated correctly:

    '; Drop table [customers];

    The resulting SQL could end up something like:

    select * from Customers where Code=''; Drop table [customers];'

    bye bye customers table (if permissions set at defaults and the wind is blowing your way)

    --
    liqbase :: faster than paper
  3. The full article -- it's legit by davecb · · Score: 4, Informative

    There is a PDF and also a complete discussion at http://www.rfidvirus.org/virus.html, breifly outlining "Replication Using Self-Referential Queries" and "Replication Using Quines".

    For example,
    Database systems usually offer a way to obtain the currently running queries for system administration purposes. However, these functions return queries as an normal string, which makes it possible to store them in the database, thereby replicating the query.

    We have developed two versions of the virus, one that is contained in a single query, and one the requires multiple queries. The virus using a single query requires less features from the database, but cannot carry SQL code as a payload. The virus using multiple queries requires a database that supports this, but it does allow SQL code as a payload.

    Details on the virus using self-referential queries can be found athttp://www.rfidvirus.org/exploits/sql_self/index .html

    --
    davecb@spamcop.net