Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Coming Soon: Viruses Spread By RFID Tags

Radio frequency identification tags (RFID) can be used to spread computer viruses and attack middleware applications and the databases behind them, a group of Netherlands-based scientists said Wednesday.

At an IEEE' conference on pervasive computing in Pisa, Italy, Melanie Rieback, a third-year PhD student at Amsterdam's Vrije Universiteit, presented a paper that outlined the threat to RFID systems and laid out how the small amount of memory in a tag -- in some cases as little as 128 bytes -- could be used to corrupt databases.

RFID tags have been promoted as a more efficient and economical way of tracking products -- from manufacturers to end-users -- and have been thought to be immune from such hacks.

Not so, said Rieback, a U.S. citizen who has studied in the Netherlands for the past five years. "This is a real threat, and it's going to be a larger threat if it's not taken care of," she said Wednesday after presenting her paper "Is Your Cat Infected with a Computer Virus?"

Once a hacker has created a miniature virus -- and perhaps planted a malicious tag on a product in store -- the attack begins as soon as the RFID tag is scanned. Attacks on middleware and the back-end databases, she said, could take the form of buffer overflows, code insertions, and SQL injections (a type of specialized code insertion that tricks a database into running SQL code).

  • 1