Wednesday, March 15, 2006

Virus propagation via RFID tag

Ed Felten writes about a new paper that discusses the possibility of RFID tags being used to exploit flaws in RFID reader software to propagate a virus. The paper, authored by Melanie Rieback, Bruno Crispo, and Andy Tanenbaum of Vrije Universiteit in Amsterdam, includes a description of a proof-of-concept the authors developed. By including a SQL injection flaw in the reader software they wrote, and RFID tag containing appropriate malicious code, the reader then propagated the malicious code by writing it to new RFID tags. If such a flaw exists in real reader code, the potential exists for a virus to be transmitted from reader to reader via RFID tags, with each infected reader writing the virus out to additional tags.

BTW, this is the same Andy Tanenbaum who wrote the classic textbook Operating Systems: Design and Implementation and developed Minix, which inspired Linus Torvalds to create Linux.

Rieback gave a talk at last year's "What the Hack" hacker conference in Amsterdam on "Fun and Mayhem with Radio Frequency Identification."

No comments: