Light Reading

Malware in the Air?

Light Reading
LR Mobile News Analysis
Light Reading
3/15/2006
50%
50%

For the first time, researchers have raised the possibility of RFID tags being infected by viruses and worms.

In a paper being presented today at the Pervasive Computing and Communications Conference in Pisa, Italy, sponsored by the Institute of Electrical and Electronics Engineers Inc. (IEEE) , a group of computer scientists show just how susceptible radio-frequency tags may be to malware.

"Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way," the paper's authors write. "Unfortunately, they are wrong."

Under certain conditions, they say, RFID tags can be intentionally infected with viruses that can then find their way into the backend databases used by the RFID software.

As RFID spreads from retail supply-chain applications to a host of uses in logistics, warehousing, and other businesses, the specter of viruses spread from tiny tags via handheld scanners into enterprise software platforms could significantly slow the technology's spread. (See DHL Chips in on RFID.)

Today's presentation in Pisa provides details on how to spread viruses via RFID as well as how to defend against them. The paper is being published, the authors, say, to warn the designers and users of RFID not to deploy vulnerable systems.

"By making code for RFID 'malware' publicly available, we hope to convince them that the problem is serious and had better be dealt with, and fast," said author Andrew Tanenbaum and his colleagues, in a statement.

"Viruses on RFID tags present two issues," comments David Adams, senior vice president for corporate strategy and technology at Denver-based Trenstar, which manages thousands of beer kegs in the United Kingdom using RFID tags. "How to protect the flow of information on the tag itself and how to prevent any virus from making from the tag to our application level that is fed from the RFID network." (See Brewers Tap Into RFID.)

Trenstar, Adams adds, has created a proprietary data structure for information, which searches for corrupted data at each stage in the supply chain where the tags are scanned. The company also analyzes all data flowing into its application layer for known viruses, including RFID-generated data.

"Any good data collection system has to be set up so that it's very specific in what sort of data it's looking to collect," adds Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries. "That's just good practice, and it's been around for a long time."

The paper outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain's database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.

"Within a day, hundreds of airport databases all over the world could be infected," the authors write. "Merely infecting other tags is the most benign case. An RFID virus could also carry a payload that did other damage to the database -- for example, helping drug smugglers or terrorists hide their baggage from airline and government officials."

The broadness of the authors' claims, however, betrays a lack of understanding of how specific RFID systems are designed, says Mullen.

"If you're looking at an airport baggage system, for instance, you have to know what sort of tag's being used, the structure of the data being collected, and what the scanners are set up to gather," he explains. "Look at it in a vertical application fashion to see what specific concerns might be present there."

A renowned computer scientist, Tanenbaum developed the Minix operating system, a precursor to Linux.

— Richard Martin, Senior Editor, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
Light Reading sits down at CES with the head of Cisco's service provider video business, Conrad Clemson, to discuss how NFV and cloud security relate to video, the challenge of managing 4K/8K traffic, the global expansion of Netflix and virtual reality.
Flash Poll
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
LRTV Custom TV
Join Us at the Digital Operations Transformation Summit

2|4|16   |   03:52   |   (0) comments


The Digital Operations Transformation Summit on February 21, 2016 at the Crowne Plaza Barcelona Fira Centre will bring together 50 senior executives to engage in a unique debate on the opportunities and challenges presented by the transformative evolving digital landscape. RSVP now at events@lightreading.com.
LRTV Custom TV
Making the Test: ADVA Ensemble Connector vs. Open vSwitch

2|4|16   |   01:28   |   (0) comments


Light Reading, in partnership with EANTC, recently tested ADVA's Ensemble Connector, which replaces open vSwitch and offers carrier-grade capability and interoperability. The test results strengthen ADVA's credibility as a provider in the virtualization space.
LRTV Custom TV
Bridging the Gap Between PoCs & Deployment in NFV

2|4|16   |   31:50   |   (0) comments


Charlie Ashton of Wind River presents the keynote at Light Reading's 2020 Vision executive summit in Dublin.
Between the CEOs
CEO Chat With Mike Aquino

2|3|16   |   17:34   |   (0) comments


The former CEO of Overture Networks, Mike Aquino, discusses why truly open virtualization solutions provide service providers with the greatest choice.
Shades of Ray
MWC: Buckle Up for 5G & the IIoT

2|2|16   |   02:28   |   (0) comments


This year's Mobile World Congress looks set to be a 5G land grab and a chance to get down and dirty with the Industrial Internet of Things (IIoT) – but what will the 5G discussions actually be about?
LRTV Custom TV
Case Study: Building China's Next-Gen TV Networks

2|2|16   |   5:01   |   (0) comments


With over 2 billion viewers worldwide, Shenzhen Media Group is one of China's largest content producers. By partnering with Huawei and Sobey, SZMG was able to modernize media operations with the Converged News Center, a production studio that is a model for next-generation workflows.
LRTV Custom TV
Quad Channel Modulator Driver with 46 Gbaud Capability from MACOM

1|28|16   |     |   (0) comments


MACOM's MAOM-003427 is the industry's first surface-mount modulator driver with 46 Gbaud capability to support next generation 200G and 400G applications.
LRTV Custom TV
Video Infographic: Validating Cisco's NFV Infrastructure

1|26|16   |   02:24   |   (1) comment


We all know that the network of the future will be virtual, but when will virtual become a reality? This video infographic covers the four key areas in which Light Reading, in partnership with EANTC, tested Cisco's NFV infrastructure: performance, reliability, multi-service capabilities and single pane of glass management.

For the full report, see

Between the CEOs
CEO Chat With Phil McKinney, CableLabs

1|22|16   |   13:36   |   (1) comment


At CES in Las Vegas, we met with Phil McKinney, CEO of CableLabs. Phil provides an update on the rollout of DOCSIS 3.1, his views on the future of open source and how consumer interest in virtual reality could affect network traffic.
Between the CEOs
Ericsson CTO on the Changing Telecom Market

1|21|16   |   10:26   |   (0) comments


At CES 2015, CTO of Ericsson, Ulf Ewaldsson, sits down with CEO of Light Reading, Steve Saunders, to discuss the changing telecom market, the new partnership with Cisco and the future of the telecom industry.
LRTV Interviews
Ireland's Data Dream

1|21|16   |   14:31   |   (0) comments


Host In Ireland president Gary Connolly tells Light Reading's Steve Saunders about the role Ireland is playing in hosting data for the world's largest organizations.
LRTV Custom TV
Brocade Keynote: Transitioning to the New IP

1|20|16   |   27:23   |   (0) comments


At 2020 Vision in Dublin, Andrew Coward, VP of Service Provider Strategy at Brocade, presents the transition to the New IP.
Infographics
Cisco's latest VNI numbers suggest the world will be using 366.8 exabytes of data on smartphones and Internet of Things devices, up from 44.2 exabytes, in 2015.
Hot Topics
Alphabet Is Serious About Google Fiber
Mari Silbey, Senior Editor, Cable/Video, 2/1/2016
Did Juniper Pay 'Peanuts' for BTI?
Mitch Wagner, West Coast Bureau Chief, Light Reading, 2/2/2016
Google's 5G Radio Ambitions Are Expanding
Dan Jones, Mobile Editor, 2/5/2016
How Data Center Outsourcing Fuels AT&T NetBond Growth
Carol Wilson, Editor-at-large, 2/3/2016
3.5GHz Startup Gets $22M for Small Cells
Dan Jones, Mobile Editor, 2/2/2016
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
The former CEO of Overture Networks, Mike Aquino, discusses why truly open virtualization solutions provide service providers with the greatest choice.
As anyone who knows me will tell you, I like to think I know a fair bit about this next-gen-comms malarkey, but there's nothing like an interview with one of the ...
Animals with Phones
Happy Groundhogs for Technology Day! Click Here
Live Digital Audio

Broadband speeds are ramping up across Europe as the continent, at its own pace, follows North America towards a gigabit society. But there are many steps to take on the road to gigabit broadband availability and a number of technology options that can meet the various requirements of Europe’s high-speed fixed broadband network operators. During this radio show we will look at some of the catalysts for broadband network investments and examine the menu of technology options on offer, including vectoring and G.fast for copper plant evolution and the various deployment possibilities for FTTH/B.