Light Reading

Malware in the Air?

Light Reading
LR Mobile News Analysis
Light Reading

For the first time, researchers have raised the possibility of RFID tags being infected by viruses and worms.

In a paper being presented today at the Pervasive Computing and Communications Conference in Pisa, Italy, sponsored by the Institute of Electrical and Electronics Engineers Inc. (IEEE) , a group of computer scientists show just how susceptible radio-frequency tags may be to malware.

"Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way," the paper's authors write. "Unfortunately, they are wrong."

Under certain conditions, they say, RFID tags can be intentionally infected with viruses that can then find their way into the backend databases used by the RFID software.

As RFID spreads from retail supply-chain applications to a host of uses in logistics, warehousing, and other businesses, the specter of viruses spread from tiny tags via handheld scanners into enterprise software platforms could significantly slow the technology's spread. (See DHL Chips in on RFID.)

Today's presentation in Pisa provides details on how to spread viruses via RFID as well as how to defend against them. The paper is being published, the authors, say, to warn the designers and users of RFID not to deploy vulnerable systems.

"By making code for RFID 'malware' publicly available, we hope to convince them that the problem is serious and had better be dealt with, and fast," said author Andrew Tanenbaum and his colleagues, in a statement.

"Viruses on RFID tags present two issues," comments David Adams, senior vice president for corporate strategy and technology at Denver-based Trenstar, which manages thousands of beer kegs in the United Kingdom using RFID tags. "How to protect the flow of information on the tag itself and how to prevent any virus from making from the tag to our application level that is fed from the RFID network." (See Brewers Tap Into RFID.)

Trenstar, Adams adds, has created a proprietary data structure for information, which searches for corrupted data at each stage in the supply chain where the tags are scanned. The company also analyzes all data flowing into its application layer for known viruses, including RFID-generated data.

"Any good data collection system has to be set up so that it's very specific in what sort of data it's looking to collect," adds Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries. "That's just good practice, and it's been around for a long time."

The paper outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain's database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.

"Within a day, hundreds of airport databases all over the world could be infected," the authors write. "Merely infecting other tags is the most benign case. An RFID virus could also carry a payload that did other damage to the database -- for example, helping drug smugglers or terrorists hide their baggage from airline and government officials."

The broadness of the authors' claims, however, betrays a lack of understanding of how specific RFID systems are designed, says Mullen.

"If you're looking at an airport baggage system, for instance, you have to know what sort of tag's being used, the structure of the data being collected, and what the scanners are set up to gather," he explains. "Look at it in a vertical application fashion to see what specific concerns might be present there."

A renowned computer scientist, Tanenbaum developed the Minix operating system, a precursor to Linux.

— Richard Martin, Senior Editor, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
Steve Saunders provides an overview of white box networking and introduces a new "slim line" version of the OSI 7-layer model.
Flash Poll
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
LRTV Custom TV
Delivering Service Agility in the Virtualization Era

11|25|15   |   5.41   |   (0) comments

Interview with Massimo Fatato, WW OSS Business Lead, Hewlett Packard Enterprise.
Wagner’s Ring
How Might Open Source Fail?

11|24|15   |     |   (7) comments

Open source, SDN, and NFV are looking inevitable – but performance, standards proliferation and regulatory capture could derail the movement.
LRTV Custom TV
NFV Lifecycle Orchestration – a Fresh Vision for Telco

11|23|15   |   6.40   |   (0) comments

Simon Osborne, CTO Comptel, and Heavy Reading's Caroline Chappell reveal the business impacts of new SDN and NFV, and what the term service orchestration actually means. Together they define Lifecycle Service Orchestration and how the virtualized future will look for telecoms operators.
Between the CEOs
Cisco's Virtual Role in Saudi

11|20|15   |   12:15   |   (1) comment

Light Reading founder and CEO Steve Saunders talks with Zayan Sadek, Regional Manager at Cisco Systems, about the competitive communications services market and advance of virtualization in Saudi Arabia.
LRTV Huawei Video Resource Center
Huawei Leads With Kubernetes for Cloud PaaS

11|19|15   |   08:26   |   (0) comments

Huawei is looking to Kubernetes as a key tool for building robust open source technologies for customers and partners, said Ying Xiong, chief architect of cloud platform at Huawei, in an interview with Light Reading West Coast Bureau Chief Mitch Wagner at the recent Kubecon conference.
Women in Comms Introduction Videos
WiC in London: The Highlight Reel

11|19|15   |   5:33   |   (1) comment

NetCracker's Mervat El Dabae headlines an inspiring morning in London with help from leading women from Vodafone, TalkTalk, Hyperoptics and Ciena.
LRTV Documentaries
Why Saudi's So Hot for New Tech

11|19|15   |   05:07   |   (0) comments

Light Reading's Steve Saunders reports from Saudi Arabia, a hyper-competitive market desperate to embrace the next generation of communications technologies and services.
LRTV Custom TV
Why Data Models Deliver More Value Than Information Models

11|19|15   |   5.08   |   (0) comments

Stefan Vallin argues that more automation is needed to manage end-to-end services and the hybrid networks they run on, and that data models are key to achieving this.
Telecom Innovators Video Showcase
SDN Management & Orchestration in the WAN

11|17|15   |   7.20   |   (0) comments

Carol Wilson and Packet Design CTO Cengiz Alaettinoglu discuss CSPs' SDN service delivery and assurance requirements. Learn about a modular approach to building automated control, orchestration and management functions for the WAN that are policy- and analytics-driven.
LRTV Custom TV
Flash Networks: Optimizing for Radio Spectral Efficiency

11|17|15   |   3:34   |   (0) comments

Today most optimization vendors only focus on optimizing voice or data. Ofer Gottfried, Flash Networks' CTO, shows how improving data throughput and maximizing spectral efficiency reduces capital and operating expenses while also providing a platform for user engagement.
LRTV Custom TV
Making Pay-TV User Experiences Millennial-Friendly

11|16|15   |   6:42   |   (0) comments

The unique challenge of reaching and engaging Millennials is driving pay-TV video experience transformation that can include higher quality UIs, viewing of multiple content streams at once and seamless transitions between handheld devices and the television.
LRTV Huawei Video Resource Center
Huawei Electric Power Summit 2015 – Addis Ababa, Ethiopia

11|16|15   |   1:28   |   (0) comments

Huawei, together with Ethiopia's Ministry of Water, Irrigation and Electricity, hosted the Huawei Electric Power Summit 2015 in Addis Ababa, Ethiopia. The event gathered industry experts and senior executives of global electric power companies to discuss emerging industry trends including: improvements in new energy conversion efficiency, reduction of line losses ...
Allot MobileTrends Report H2/2015 reveals how daily online behavior can be used to discover smarter ways to profile customers and propose valuable, real-time offers to them.
Hot Topics
Samsung to Sell Wireless Networking Unit?
Dan Jones, Mobile Editor, 11/23/2015
Sprint Undercuts Rivals With Half-Price Offers
Dan Jones, Mobile Editor, 11/18/2015
Sprint, Verizon Face Reorganization, Job Cuts
Dan Jones, Mobile Editor, 11/20/2015
Sprint to Get $1.2B From New Leasing Venture
Dan Jones, Mobile Editor, 11/23/2015
How Might Open Source Fail?
Mitch Wagner, West Coast Bureau Chief, Light Reading, 11/24/2015
Like Us on Facebook
Twitter Feed
December 15, 2015
Virtualizing Cable Services
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Light Reading founder and CEO Steve Saunders talks with Zayan Sadek, Regional Manager at Cisco Systems, about the competitive communications services market and advance of virtualization in Saudi Arabia.
Mobily CEO Ahmad Farroukh talks to Steve Saunders about the realities of being a mobile operator in Saudi Arabia.
Cats with Phones
Can't Find the Phone on Thanksgiving? Click Here
Check under the cat! (hint: bottom right)
Live Digital Audio

Broadband speeds are ramping up across Europe as the continent, at its own pace, follows North America towards a gigabit society. But there are many steps to take on the road to gigabit broadband availability and a number of technology options that can meet the various requirements of Europe’s high-speed fixed broadband network operators. During this radio show we will look at some of the catalysts for broadband network investments and examine the menu of technology options on offer, including vectoring and for copper plant evolution and the various deployment possibilities for FTTH/B.