Study: RFID Tags Carry Potential Virus Threat
Radio chips being marketed as a replacement for the barcode threaten consumer privacy and are able to carry a virus, Dutch university scientists revealed on Wednesday. An infected radio frequency identity (RFID) tag is able to disrupt the database that reads information on the chip.
Scientists at Amsterdam's Free University were able to create a chip infected with a virus, and then use it to infect the database. Before this study, supporters of RFID assumed that the technology could not modify the back-end software that reads it.
"In our research, we have discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be (intentionally) infected with a virus and this virus can infect the backend database used by the RFID software," the researchers wrote in a paper discussing the flaw.
"From there it can be easily spread to other RFID tags."
The group says their experience in warning those using the technology about its security issues shows that many are dismissing such a notion as academic and theoretical. Thus, the group is making the malware code publicly available in order to convince users that the problem is potentially serious.
Several scenarios were given on how an RFID virus could be very dangerous, such as a prankster uploading a virus to a supermarket computer that could be used to change prices, or using his cat to pass a computer virus from animal to computer and back to animal through another RFID tag.
However, what may be the scariest of all is the potential airline scenario, where a virus could be used to disrupt baggage-handling systems, potentially hiding suspicious cargo.
"Merely infecting other tags is the most benign case," the group wrote. "An RFID virus could also carry a payload that did other damage to the database, for example, helping drug smugglers or terrorists hide their baggage from airline and government officials."
While in most cases, the critical response to RFID has been due to privacy issues, the scientists' discovery of potentially malicious ways to use the technology is even more troubling, they say.
In turn, the group is advocating action be taken now. "It is a lot better to lock the barn door while the prize race horse is still inside than to deal with the consequences of not doing so afterwards," they said.