http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/ Engadget Comments for RFID chips can spread viruses http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 4:01PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 4:21PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 4:28PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/
anything but that!
WHAT HAS THIS WORLD COME TO?]]>Mar 15th 2006 4:29PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 4:31PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 4:37PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 4:47PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 4:51PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/
Of course, this presupposes that most developers can actually design software for the real world.]]>Mar 15th 2006 5:15PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/
Say it looks for a numeric ID on the chip and then queries a DB with "SELECT * FROM `groceries` WHERE `id` = '$RFID' " and someone malicious has coded the chip to return " '; DELETE FROM `groceries` WHERE '' = ' " ... instead of a numeric value. Poof - no more inventory database.]]>Mar 15th 2006 5:37PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/
Plus as said, if you just verify the data read from the tag, you will be fine. I am currently working on a RFID solution, and while possible, in practice I doubt you will see something like this occurring except in rare circumstances.]]>Mar 15th 2006 6:17PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 6:23PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/
Also, who says that an RFID reader is limited to reading only those bits? Could someone provide a brief explanation of the physical limits for particular RFID tokens and readers, and why those limits exist?]]>Mar 15th 2006 6:26PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 15th 2006 7:06PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/
The only bits that exist are 0 and 1. A tag can only hold as much data as memory on the chip. The standard values are 64 (transitional), 96 (will be the most used), and 128 (needed for companies with many products/many serial numbers).

Depending on the encoding, the bits are arranged in specific ways. There are many websites that describe the different encodings. For SGTIN 96 bit, the first 8 bits are the header, the next 3 bits are the object type, the next 3 are the partition, the next 20-40 bits are the Company prefix, the next 24-4 are the item reference (SKU), the next 38 bits are the serial number. The barrier between the the company prefix and item reference can be changed.

A would be hacker could ignore the encoding, and just arrange every 8 bits in to a byte, and encode a string within the tag. This string could be used in a malicious way if the software that interfaces with the reader does not verify the data.

The easy solution in software is to verify that the tag conforms to a specific encoding. The encoding being used should be known in advance, so you can hard code it in to your program.]]>Mar 15th 2006 8:11PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/
To #7 - You are wrong. Go to Ben & Jerry's website: http://www.benjerry.com - they make "Ice Cream" - not any of the wackedout variations you said were correct. ]]>Mar 15th 2006 9:53PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 16th 2006 12:05AMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/>Dude, it is ICED CREAM or ICECREAM, but not ICE CREAM

Not according to
http://benjerrys.com
http://breyers.com/products/ind_product.asp?UPC=77567-25450&brand=Breyers&pageFrom=pickproduct
http://haagendazs.com/segice.do

All of them say ice cream. But what would they know, right, dude?

-p-]]>Mar 16th 2006 4:43AMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://benjerry.com

while I'm at it:

http://www.hphood.com/products/prodList.aspx?id=25
http://kemps.com/products/ice_cream.shtml

None of which call it "iced cream" or "icecream." If you're going to correct someone, maybe you should try being correct first.

-p-]]>Mar 16th 2006 5:09AMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 16th 2006 5:19AMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.imakethings.com/2006/03/10/getting-chipped-interviews-with-rfid-pioneers/]]>Mar 16th 2006 2:43PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 17th 2006 9:40AMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/
BTW any fool that doesn't make sure to include simple security measures like data verification should be shot.]]>Mar 17th 2006 12:42PMhttp://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/http://www.engadget.com/2006/03/15/rfid-chips-can-spread-viruses/Mar 18th 2006 8:38PM