RFID chips capable of transmitting viruses

By Steve Malone

Posted on 16 Mar 2006 at 10:36

A group of Dutch researchers have demonstrated that it is possible to insert malicious code into an RFID chip. Until now the prospect of viruses appearing on RFID units has been considered remote because of the tiny memory capacity in the devices and the possibility of transmitting remote code simply by scanning.

RFID or Radio Frequency Identification chips are becoming increasingly common as a method of tracking or securing goods in transit. They are seen as smarter alternative to the familiar barcodes seen on most modern packaging.

In a paper entitled 'Is Your Cat Infected With a Computer Virus?', the team from the computer science department at Vrije Universiteit in Amsterdam discovered that if certain vulnerabilities exist in the RFID software, it is possible for them to be used to transmit malicious code.

Typically, computer-bound or mobile RFID readers query RFID tags for their unique identifier or on-tag data which provides a database key or launches some other software. A typical application might be supermarket checkout scanner which reads the RFID tag on the items, which are checked against a database of the store's inventory and price lists and produces the total.

The assumption has been that the act of scanning could not be used to modify the database or other back end systems. However, the Dutch researchers have found a way to do just that. They discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be infected with a virus that can infect the backend database used by the RFID software. From there it can be easily spread to other RFID tags.

More at www.rfidvirus.org