RFID Virus?

Filed in: Security, Technology — March 17th, 2006

advertisement

RFID tags may be vulnerable to viruses.”, say computer science researchers.

No RFID viruses has been released yet but RFID tags have the characteristics to be engineered to exploit vulnerabilities in bank-end system. The attack methods can be SQL injection or buffer overflow attack.

Patick Simpson, a master’s degree student, took only four hours to write a proof-of-concept, self-replicating RFID virus, which is small enough to fit on a RFID tag with as little as 114 byes of memory.

[Read Computerworld]

technorati tags ,

Bookmark and Share

Read also:

« Free 40 CSS Web Page Layouts
Mouse Click Capturing Trojan »
  • now that RFID is getting more and more attention.... but then the researchers said that this revolutionary technology is vulnarable to viruses, which are the most disfavourable things to most of the ppl...

    haih~~ all the good things hav its negative side...
  • cchiuyi
    i did an rfid related project for my final year. if you read the entire article, especially the original publication form the original author, you would know that this scenario would be less likely to happen to big vendors.

    typical china men solution without focusing on quality and software engineering practice would probably vulnerable to it.

    the virus actually acts just like any computer virus. e.g. sql injection and etc works in poorly coded rfid middleware and web application.

    if the programmer is good enough to escape " ' " (use for sql injection) then everything would be fine.

    golden rule for programmer that wants automatic seciurty build into the applicaiton is "user input is always evil, treat it evil, validate it and you would be almost free."
  • “user input is always evil, treat it evil, validate it and you would be almost free.“

    this is only the idea for so-called good application... but i believe... no matter how well a program is programed... there will always be security problems... in IT world... nobody can escape from it...

    just my 2 cents though...
  • cchiuyi
    i agree. because even if the application itself is secured, there are other element as well. such as operating system (below the application stack etc) third party component or alot more.

    but i usually use "user is evil" because i'd long ago read a research stating that about 60-80% of the damage,downtime or whaterver is caused by user itself, as in not internally faulty.

    in rfid case, its user
    s input that exploit the vulnerable loophole.
blog comments powered by Disqus