Viruses leap to smart radio tags

Found on BBC News on Sunday, 16 July 2006

Computer viruses could be about to take a giant leap and start spreading via smart barcodes, warn experts.

Security researchers have infected a Radio Frequency ID tag with a computer virus to show how the technology is vulnerable to malicious hackers.

"Everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software and certainly not in a malicious way. Unfortunately, they are wrong," wrote the trio in their research paper.

The researchers showed how to get round the limited computational abilities of the smart tags to use them as an attack vector and corrupt databases holding information about what a company has in storage. To test out the theory the group created a virus for a smart tag that used only 127 characters, uploaded it and watched it in action.

If viruses do appear in smart tags, said the researchers, they are likely to cause problems for companies that read data off the tags. They speculated that consumer activist groups could use smart tags viruses to cause havoc at stores they are targeting.

It would be fun to have a t-shirt saying "scan me and die" with the modified tags added to it. This would be some sort of defense against unwanted (and unannounced) scanning; because the more common RFID gets, the more some it might be (ab)used as a tracking device.

Browse all articles« Previous « » Next »