RFID chips can spread viruses
While most of the protests about the spread of RFID technology have been related to privacy and related issues, here's a new issue to worry about: viruses. Dutch researchers implanted a virus in an RFID chip, and then used it to demonstrate that an infected chip could potentially spread a virus to a database server as it's being scanned. In theory, this could lead to compromised data in everything from supermarket product inventories to terrorist watchlists, resulting in mispriced ice cream and global chaos. We anticipate that security experts will respond quickly and install safeguards to protect databases -- except in the supermarket, where they're expected to allow tampering so that they can continue getting cheap ice cream. [Thanks to everyone who sent this in]
Reader Comments (Page 1 of 1)
slash @ Mar 15th 2006 4:01PM
I always knew you had a sweet tooth Marc. ;)
Poopmaster @ Mar 15th 2006 4:21PM
Hmm. So the chip itself has firmware that can be reprogrammed and then infected? Sounds like a PROM rewrite. Given the audience and the necessity of physical access (I'm guessing), it sounds like a true low-frequency event.
Saffy @ Mar 15th 2006 4:28PM
Mmm...cheap ice cream. Now I'm ready to jump on the RFID bandwagon. Screw unsecured personal information potentially leading to identity theft. I wants me some $.25 peanut butter cup.
Mike @ Mar 15th 2006 4:29PM
NO! NOT THE ICECREAM!
anything but that!
WHAT HAS THIS WORLD COME TO?
JJ @ Mar 15th 2006 4:31PM
'except in the supermarket, where they're expected to allow tampering so that they can continue getting cheap ice cream.' I like it, it looks like you guys took some good prase and embraced it (I think you should give that person the computer!) You know what I am talking about!
Josh @ Mar 15th 2006 4:37PM
Remember the Passport post with the RFID from the other day? What if you got an "I'm a terrorist" virus on your passport that alerted customs that you were a terrorist? That would make for some interesting vacations.
russ @ Mar 15th 2006 4:47PM
would that imply the contents of the RFID chip gets executed somewhere? huh? maybe utilising buffer overflows in the supermarket's database?
Billy @ Mar 15th 2006 4:51PM
Dude, it is ICED CREAM or ICECREAM, but not ICE CREAM.
David @ Mar 15th 2006 5:15PM
The class of vulnerabilities they're talking about are data validation flaws (SQL injections, buffer overruns, shell codes). Most of these problems can be stopped by just validating your input (and 'safing' it as necessary) before sending it willy-nilly through your program.
Of course, this presupposes that most developers can actually design software for the real world.
Ethan @ Mar 15th 2006 5:37PM
David (currently #7) is right. This is basically your run-of-the-mill data validation flaw that seems to plague every new technology before it gets widespread use. Basically, software that reads RFID chips should treat the RFID response as untrusted, validating it just like they would an HTML form input.
Say it looks for a numeric ID on the chip and then queries a DB with "SELECT * FROM `groceries` WHERE `id` = '$RFID' " and someone malicious has coded the chip to return " '; DELETE FROM `groceries` WHERE '' = ' " ... instead of a numeric value. Poof - no more inventory database.
Ian @ Mar 15th 2006 6:17PM
Considering that most tags are 64 bit and 96 bit, 8 and 12 bytes respectively, there aren't many SQL commands you can execute. Although in theory possible, you're a moron if you name your table with a single character or something.
Plus as said, if you just verify the data read from the tag, you will be fine. I am currently working on an RFID solution, and while possible, in practice I doubt you will see something like this occurring except in rare circumstances.
Ian @ Mar 15th 2006 6:23PM
Also, I forgot to add that not all tags can be re-written. I would suspect that important things like passports will be read only, so someone cannot override your information.
Siege @ Mar 15th 2006 6:26PM
';INS [overflow code]'
Also, who says that an RFID reader is limited to reading only those bits? Could someone provide a brief explanation of the physical limits for particular RFID tokens and readers, and why those limits exist?
RFID teknolojisi @ Mar 15th 2006 7:06PM
It's poor for security, because many security systems use it, for example airlines, metro, etc.
Ian @ Mar 15th 2006 8:11PM
Siege:
The only bits that exist are 0 and 1. A tag can only hold as much data as memory on the chip. The standard values are 64 (transitional), 96 (will be the most used), and 128 (needed for companies with many products/many serial numbers).
Depending on the encoding, the bits are arranged in specific ways. There are many websites that describe the different encodings. For SGTIN 96 bit, the first 8 bits are the header, the next 3 bits are the object type, the next 3 are the partition, the next 20-40 bits are the Company prefix, the next 24-4 are the item reference (SKU), the next 38 bits are the serial number. The barrier between the company prefix and item reference can be changed.
A would-be hacker could ignore the encoding, and just arrange every 8 bits into a byte, and encode a string within the tag. This string could be used in a malicious way if the software that interfaces with the reader does not verify the data.
The easy solution in software is to verify that the tag conforms to a specific encoding. The encoding being used should be known in advance, so you can hard code it into your program.
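Editor's added example (not part of any reader's comment): a strict SGTIN-96 decoder feeding a parameterized query, combining the "verify the encoding" advice above with the untrusted-input point made earlier in the thread. The header value 0x30 and the partition table are from the GS1 EPC Tag Data Standard rather than from this page; the `company` and `item` columns, the helper names and both sample tags are constructed for illustration.

```python
import sqlite3

SGTIN96_HEADER = 0x30   # SGTIN-96 header value (GS1 EPC Tag Data Standard)
SERIAL_BITS = 38

def parse_sgtin96(tag: bytes) -> dict:
    """Decode exactly 96 bits as SGTIN-96; raise ValueError on anything else."""
    if len(tag) != 12:
        raise ValueError("tag is not 96 bits")
    n = int.from_bytes(tag, "big")
    header, filt, partition = n >> 88, (n >> 85) & 0x7, (n >> 82) & 0x7
    if header != SGTIN96_HEADER:
        raise ValueError("header is not SGTIN-96")
    if partition > 6:
        raise ValueError("reserved partition value")
    # Partition p: company prefix has 12-p decimal digits, item reference 1+p.
    cp_bits = (40, 37, 34, 30, 27, 24, 20)[partition]
    ir_bits = 44 - cp_bits
    company = (n >> (SERIAL_BITS + ir_bits)) & ((1 << cp_bits) - 1)
    item = (n >> SERIAL_BITS) & ((1 << ir_bits) - 1)
    if company >= 10 ** (12 - partition) or item >= 10 ** (1 + partition):
        raise ValueError("field exceeds its decimal digit count")
    return {"filter": filt, "company": company, "item": item,
            "serial": n & ((1 << SERIAL_BITS) - 1)}

def lookup(db: sqlite3.Connection, tag: bytes):
    """Return the product name for a tag, or None if rejected or unknown."""
    try:
        f = parse_sgtin96(tag)
    except ValueError:
        return None          # non-conforming tags never reach the database
    # Bound parameters: the decoded integers travel as data, never as SQL text.
    row = db.execute(
        "SELECT name FROM groceries WHERE company = ? AND item = ?",
        (f["company"], f["item"])).fetchone()
    return row[0] if row else None

def demo_db() -> sqlite3.Connection:
    """In-memory inventory with one constructed row (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE groceries (company INTEGER, item INTEGER, name TEXT)")
    db.execute("INSERT INTO groceries VALUES (614141, 812345, 'ice cream')")
    return db

# Constructed samples: a well-formed SGTIN-96 tag and 12 bytes of ASCII text.
GOOD_TAG = bytes.fromhex("3074257BF7194E4000001A85")
TEXT_TAG = b"1' OR '1'='1"

if __name__ == "__main__":
    db = demo_db()
    print(lookup(db, GOOD_TAG), lookup(db, TEXT_TAG))
```

Because the decoder returns only range-checked integers, a tag that happens to carry the right header byte still cannot contribute text to the query.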
Ryan Gardner @ Mar 15th 2006 9:53PM
God help us all if there is ever a Bird Flu to RFID mutation...
To #7 - You are wrong. Go to Ben & Jerry's website: http://www.benjerry.com - they make "Ice Cream" - not any of the wackedout variations you said were correct.
Hurricane Joy @ Mar 16th 2006 12:05AM
Thank God for the Ians and Sieges and Ryan Gardners of the world! They may just save us from the wack-job Billys and RFID hackers out there, so we can enjoy all that cheapo ICE CREAM in dubious safety.
p-diddy @ Mar 16th 2006 4:43AM
>>Dude, it is ICED CREAM or ICECREAM, but not ICE CREAM
Not according to
http://benjerrys.com
http://breyers.com/products/ind_product.asp?UPC=77567-25450&brand=Breyers&pageFrom=pickproduct
http://haagendazs.com/segice.do
All of them say ice cream. But what would they know, right, dude?
-p-
p-diddy @ Mar 16th 2006 5:09AM
fixed link: http://benjerry.com
while I'm at it:
http://www.hphood.com/products/prodList.aspx?id=25
http://kemps.com/products/ice_cream.shtml
None of which call it "iced cream" or "icecream." If you're going to correct someone, maybe you should try being correct first.
-p-
brenda @ Mar 16th 2006 5:19AM
p-diddy is right. There's no iced cream or whatever. Check your dictionary first.
Bre @ Mar 16th 2006 2:43PM
http://www.imakethings.com/2006/03/10/getting-chipped-interviews-with-rfid-pioneers/
TMoney @ Mar 17th 2006 9:40AM
Why do people feel a need to correct words on a website that is read internationally? Maybe where Billy comes from it is ICED CREAM, but here in the US it's not. People speak differently, and correctly, all over the world. I'm not going to call out someone from England because they say chips and I say french fries. Let's try to have insightful comments instead.
Ti @ Mar 17th 2006 12:42PM
@22, couldn't agree more.. and it's [tom-ah-to], not [tom-ay-to]. :-p
BTW any fool that doesn't make sure to include simple security measures like data verification should be shot.
windows @ Mar 18th 2006 8:38PM
what does ice cream have to do with any of this again?