Information Security Bulletin

Research: Does Your Cat (or Passport) Have a Computer Virus?

16 Mar 01:03

As RFID chips only have a limited memory capacity, it was widely assumed that they could not become infected with a computer virus. However, researchers at VU Amsterdam have now discovered that this is a real possibility. Fortunately they have also come up with a number of adequate countermeasures.

RFID tags are small, relatively cheap microchips, which can be used to tag supermarket products, for example. They can also be implanted into pets or livestock. The same chips are used in public transport chip cards, ski passes or on baggage labels at airports.

Thanks to these tags, we will soon be able to do our shopping without having to queue at the tills. An RFID scanner placed at the exit will transmit a radio wave that will be received by all the RFID tags in your shopping trolley. The tags identify themselves, the scanner registers the products you have bought and the total bill can be debited directly from your bank account. Walmart, the largest supermarket chain in the world, expects to make a total switch to products with RFID chips within the next few years.

However, these tags are apparently more vulnerable than was first thought. PhD candidate Melanie Rieback and her supervisor Prof. Andrew Tanenbaum have found a way of placing a computer virus onto a RFID tag. This was previously considered impossible on account of the limited memory capacity of the tags. Melanie Rieback gave a demonstration of her discovery on Wednesday 15 March at the annual IEEE Conference on Pervasive Computing and Communications in Pisa.

Digital plague
These chips may be small, but just one infected RFID tag may be capable of disrupting an entire system with disastrous consequences. Take, for example, the airport at Las Vegas, which handles two million items of luggage per month. As from May 2006, RFID tags will be attached to cases to speed up the baggage handling process. If someone intentionally attaches an infected RFID tag to his case, the entire system could be thrown into disarray. As soon as the case is scanned, the infected tag would be able to invade the airports central baggage database and all cases subsequently checked in will also become infected. On arrival at other airports, these cases will be scanned again and within 24 hours, hundreds of airports throughout the world could be infected. The perfect solution for smugglers and terrorists wanting to send suspicious luggage across the world without being noticed.

Countermeasures
Fortunately, the threat of infection can be countered using standard measures. Rieback stresses that developers must check their RFID systems, and implement safety procedures and secure programming technology. Although these countermeasures will curb the threat posed by RFID viruses, extra time, money and effort will need to be spent on implementing them. It is therefore imperative that RFID system developers and users check the security of their systems now, before they are put to large-scale use.

Related links: (Open in a new window.)
www.rfidvirus.org/papers/percom.06.pdf

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe?

Download a free sample copy!

Download the much quoted October 2005 Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Legal Issues
Of Trojans, Cheerleaders and Cuckoos…
Jon Colombo

Web Security
Web 2.0 vs. Web 1.0 – Security Standpoints and Challenges
Shreeraj Shah

Computer Forensics
Trends In Disk Drives and Data Transfer Speed
Steven Branigan