Light Reading

Malware in the Air?

Light Reading
LR Mobile News Analysis
Light Reading
3/15/2006
50%
50%

For the first time, researchers have raised the possibility of RFID tags being infected by viruses and worms.

In a paper being presented today at the Pervasive Computing and Communications Conference in Pisa, Italy, sponsored by the Institute of Electrical and Electronics Engineers Inc. (IEEE) , a group of computer scientists show just how susceptible radio-frequency tags may be to malware.

"Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way," the paper's authors write. "Unfortunately, they are wrong."

Under certain conditions, they say, RFID tags can be intentionally infected with viruses that can then find their way into the backend databases used by the RFID software.

As RFID spreads from retail supply-chain applications to a host of uses in logistics, warehousing, and other businesses, the specter of viruses spread from tiny tags via handheld scanners into enterprise software platforms could significantly slow the technology's spread. (See DHL Chips in on RFID.)

Today's presentation in Pisa provides details on how to spread viruses via RFID as well as how to defend against them. The paper is being published, the authors, say, to warn the designers and users of RFID not to deploy vulnerable systems.

"By making code for RFID 'malware' publicly available, we hope to convince them that the problem is serious and had better be dealt with, and fast," said author Andrew Tanenbaum and his colleagues, in a statement.

"Viruses on RFID tags present two issues," comments David Adams, senior vice president for corporate strategy and technology at Denver-based Trenstar, which manages thousands of beer kegs in the United Kingdom using RFID tags. "How to protect the flow of information on the tag itself and how to prevent any virus from making from the tag to our application level that is fed from the RFID network." (See Brewers Tap Into RFID.)

Trenstar, Adams adds, has created a proprietary data structure for information, which searches for corrupted data at each stage in the supply chain where the tags are scanned. The company also analyzes all data flowing into its application layer for known viruses, including RFID-generated data.

"Any good data collection system has to be set up so that it's very specific in what sort of data it's looking to collect," adds Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries. "That's just good practice, and it's been around for a long time."

The paper outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain's database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.

"Within a day, hundreds of airport databases all over the world could be infected," the authors write. "Merely infecting other tags is the most benign case. An RFID virus could also carry a payload that did other damage to the database -- for example, helping drug smugglers or terrorists hide their baggage from airline and government officials."

The broadness of the authors' claims, however, betrays a lack of understanding of how specific RFID systems are designed, says Mullen.

"If you're looking at an airport baggage system, for instance, you have to know what sort of tag's being used, the structure of the data being collected, and what the scanners are set up to gather," he explains. "Look at it in a vertical application fashion to see what specific concerns might be present there."

A renowned computer scientist, Tanenbaum developed the Minix operating system, a precursor to Linux.

— Richard Martin, Senior Editor, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
From The Founder
The Swedish vendor has undergone a significant transformation during the past few years, adjusting to the demands of next-generation communications companies.
LRTV Documentaries
The 3GPP's Road to 5G Standardization

4|17|15   |   4:43   |   (0) comments


Satoshi Nagata, chairman of the 3GPP's TSG-RAN group and a manager at NTT Docomo, explains the standardization process for 5G, as well as the biggest challenges and opportunities.
LRTV Documentaries
AlcaLu CTO Makes the Case for a New 5G Air Interface

4|16|15   |   3:54   |   (0) comments


Michael Peeters, CTO of wireless at Alcatel-Lucent, explains why 5G will require a new air interface to meet its diverse performance targets.
LRTV Documentaries
AlcaLu + Nokia: The New Uber-Vendor

4|15|15   |   2:42   |   (4) comments


Heavy Reading Senior Analyst Gabriel Brown discusses the technological and competitive opportunities and challenges if a merger between Alcatel-Lucent and Nokia comes to pass.
LRTV Huawei Video Resource Center
Huawei's Data Center Power Play

4|15|15   |   6:22   |   (0) comments


Huawei has developed industry-leading energy efficiency capabilities for its indoor and outdoor data center solutions, explains Dr. Fang Liangzhou, vice president of Huawei's Network Energy product Line.
LRTV Huawei Video Resource Center
Huawei’s Routers, Switches Get the Green Mark

4|15|15   |   2:02   |   (0) comments


TUV Rheinland's Frank Dudley explains how Huawei's routers and switches have been successfully tested by energy efficiency experts and have gained Green Mark Certification.
LRTV Documentaries
A Finn, a Frenchman & a Guy From New Jersey Walk Into a Merger...

4|15|15   |   3:17   |   (0) comments


Stop us if you've heard this one before... Light Reading CEO Founder & CEO Steve Saunders weighs in on the technical and cultural implications of a Nokia and Alcatel-Lucent merger.
LRTV Huawei Video Resource Center
Accounting for Better Solutions

4|10|15   |   02:31   |   (1) comment


Murad Yousuf, CTO at Saudi Arabia's Ministry of Finance (Dept. of Zakat & Income Tax), talks about the benefits of deploying router technology from Huawei.
LRTV Huawei Video Resource Center
What's in Store for Huawei & DataCore?

4|10|15   |   05:44   |   (0) comments


At the CeBIT trade show in Hannover, Germany, George Teixeira, CEO of software-defined storage (SDS) specialist DataCore Software, explains why he has just signed a partnership agreement with Huawei Technologies.
LRTV Huawei Video Resource Center
Du Puts Its Faith in Huawei's Routers

4|9|15   |   3:42   |   (0) comments


Adnan Masood, director of Enterprise MS Solutions Marketing at du, the United Arab Emirates (UAE) operator also known as Emirates Integrated Telecommunications Company, explains why his company chose to use Huawei's multifunctional AR routers as part of its managed enterprise services.
LRTV Huawei Video Resource Center
Huawei Gets Active in the Data Center

4|9|15   |   3:17   |   (0) comments


With enterprise users looking to maximize the use of their data center assets, Huawei’s Chief Architect & Technical Director of IT Data Center Solutions, Bruce Su, explains how the company's six-layer active-active data center solution is eradicating the need to deploy passive, redundant data center assets.
LRTV Huawei Video Resource Center
Blue Consult & Huawei for a Better Solution

4|8|15   |   4:01   |   (0) comments


Martin Rott, CEO, and Marc Metzler, head of sales virtualization, from Germany's Blue Consult discuss their collaboration with Huawei and TrendMicro to develop a secure, scalable IT platform that can meet the needs of the most demanding enterprise users.
LRTV Huawei Video Resource Center
Beach Petroleum on eLTE & Mining

4|8|15   |   3:09   |   (0) comments


Network systems integrator Jeremy Hamlyn explains how Huawei's secure packet-based trunking communications system, eLTE, can help remote communities and companies in the mining, oil and gas sectors, deploy efficient communications networks that are perfect for video and data as well as voice.
Upcoming Live Events
May 5, 2015, Hyatt McCormick Place, Chicago, IL
May 6, 2015, Georgia World Congress, Atlanta, GA
May 12, 2015, Grand Hyatt, Denver, CO
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 8, 2015, Chicago, IL
June 9-10, 2015, Chicago, IL
June 9, 2015, Chicago, IL
June 10, 2015, Chicago, IL
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
November 11-12, 2015, The Westin Peachtree Plaza, Atlanta, GA
All Upcoming Live Events
Infographics
Network Instruments, a JDSU division, shares results from its 2015 State of the Network, a global survey on security.
Hot Topics
Verizon Scores New OTT Content Deals
Mari Silbey, Independent Technology Editor, 4/16/2015
Can WiFi Calling Find Its Voice?
Iain Morris, News Editor, 4/13/2015
Senator Proposes New 'Title X' for Net Neutrality
Carol Wilson, Editor-at-large, 4/13/2015
Nokia, Alcatel-Lucent in Merger Talks
Iain Morris, News Editor, 4/14/2015
Nokia & Alcatel-Lucent: What's Going On?
Ray Le Maistre, Editor-in-chief, 4/15/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Data Center Interconnect, or DCI, is one of the hottest sectors in telecom currently. Since coming back to Light Reading last year, prodigal-son style, I've ...
LR CEO and Founder Steve Saunders sits down with the head of Qosmos to talk about the changing state of the art in deep packet inspection technology, including its role in SDN and NFV architectures.