Thursday, March 16, 2006

RFID virus POC paper

Cheap radio chips that are replacing the ubiquitous barcode are a threat to privacy and susceptible to computer viruses, scientists at a Dutch university said on Wednesday.
The paper presents an attack where the tags carry a small amount of data (127 characters) that will infect the RFID reader. More precisely, they use an SQL injection attack against an Oracle database backend that interfaces with the reader. The reader will then continue to infect all new tags it sees. Luckily, this is currently only a proof-of-concept attack, even though it's a scary idea. The problem is that an infected RFID tag, which is read wirelessly when it passes through a scanning gate, can upset the database that processes the information on the chip, says the study by Melanie Rieback, Bruno Crispo and Andrew Tanenbaum.
Well don't worry at this moment as this is only a POC. The 'EICAR taskforce on RFID' will take action ASAP to prevent such real attacks. But 'that' will take 'ages' in my opinion... ;-)
You can find more info within the self-replicating RFID viruses paper. The paper is titled "Is Your pet Infected with a Computer Virus?".