& cplSiteName &

Malware in the Air?

Light Reading
LR Mobile News Analysis
Light Reading
3/15/2006
50%
50%

For the first time, researchers have raised the possibility of RFID tags being infected by viruses and worms.

In a paper being presented today at the Pervasive Computing and Communications Conference in Pisa, Italy, sponsored by the Institute of Electrical and Electronics Engineers Inc. (IEEE) , a group of computer scientists show just how susceptible radio-frequency tags may be to malware.

"Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way," the paper's authors write. "Unfortunately, they are wrong."

Under certain conditions, they say, RFID tags can be intentionally infected with viruses that can then find their way into the backend databases used by the RFID software.

As RFID spreads from retail supply-chain applications to a host of uses in logistics, warehousing, and other businesses, the specter of viruses spread from tiny tags via handheld scanners into enterprise software platforms could significantly slow the technology's spread. (See DHL Chips in on RFID.)

Today's presentation in Pisa provides details on how to spread viruses via RFID as well as how to defend against them. The paper is being published, the authors, say, to warn the designers and users of RFID not to deploy vulnerable systems.

"By making code for RFID 'malware' publicly available, we hope to convince them that the problem is serious and had better be dealt with, and fast," said author Andrew Tanenbaum and his colleagues, in a statement.

"Viruses on RFID tags present two issues," comments David Adams, senior vice president for corporate strategy and technology at Denver-based Trenstar, which manages thousands of beer kegs in the United Kingdom using RFID tags. "How to protect the flow of information on the tag itself and how to prevent any virus from making from the tag to our application level that is fed from the RFID network." (See Brewers Tap Into RFID.)

Trenstar, Adams adds, has created a proprietary data structure for information, which searches for corrupted data at each stage in the supply chain where the tags are scanned. The company also analyzes all data flowing into its application layer for known viruses, including RFID-generated data.

"Any good data collection system has to be set up so that it's very specific in what sort of data it's looking to collect," adds Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries. "That's just good practice, and it's been around for a long time."

The paper outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain's database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.

"Within a day, hundreds of airport databases all over the world could be infected," the authors write. "Merely infecting other tags is the most benign case. An RFID virus could also carry a payload that did other damage to the database -- for example, helping drug smugglers or terrorists hide their baggage from airline and government officials."

The broadness of the authors' claims, however, betrays a lack of understanding of how specific RFID systems are designed, says Mullen.

"If you're looking at an airport baggage system, for instance, you have to know what sort of tag's being used, the structure of the data being collected, and what the scanners are set up to gather," he explains. "Look at it in a vertical application fashion to see what specific concerns might be present there."

A renowned computer scientist, Tanenbaum developed the Minix operating system, a precursor to Linux.

— Richard Martin, Senior Editor, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Interviews
AT&T: Creating Dynamic Networks to Meet Business Needs

5|26|17   |   4:24   |   (0) comments


As enterprises need more dynamic networks, service providers need to deliver on-demand, virtual services to meet those needs. AT&T is creating a networking fabric to mix-and-match SDN technologies for enterprise customers, says Roman Pacewicz, AT&T senior vice president for offer management and service integration, in an interview at Light Reading's
LRTV Interviews
EdgeConneX on Industry Headwinds & Tailwinds

5|26|17   |   2:41   |   (0) comments


At Light Reading's Big Communications Event 2017, EdgeConneX CTO Don MacNeil discussed the value of partnerships in the digital world.
LRTV Documentaries
4 Steps Toward a Higher Network IQ

5|26|17   |     |   (0) comments


At the Big Communications Event in Austin, Texas, EXFO CEO Philippe Morin explains how sensors and analytics can boost a network's intelligence and enable on-demand customer experiences. Find more BCE 2017 coverage here.
LRTV Interviews
BT's McRae Sheds Light on 4K Strategy

5|25|17   |   4:45   |   (0) comments


At Light Reading's Big Communications Event 2017 in Austin, Texas, BT Group's Chief Network Architect Neil McRae talks about what it took for BT to broadcast live sports in 4K. Catch up with all our BCE coverage at http://www.lightreading.com/bce.asp.
From the Founder
How the NIA Aims to Advance NFV

5|25|17   |   08:07   |   (1) comment


Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
LRTV Custom TV
Better Solutions That Address Growing Scale

5|25|17   |     |   (0) comments


For Comcast, the X1 rollout and 17-fold increases in broadband speeds in the past 16 years are among factors driving the need for Energy 2020 solutions that reduce cost and consumption, says Mark Hess.
LRTV Custom TV
Ethernity Network Delivers Instant Offloading of Network Functions With All-Programmable Intelligent NIC

5|25|17   |     |   (0) comments


David Levi, CEO of Ethernity Networks, explains that programmability of the hardware makes the company's All-Programmable Intelligent NIC uniquely beneficial for communications service providers that need advanced data appliances with agile support of virtualization. Utilizing the company's patented network processing technology, Ethernity offers data path ...
LRTV Documentaries
BCE 2017: Vodafone Gets Obsessed With Cloud-Native

5|25|17   |     |   (0) comments


Vodafone's Matt Beal updates us on Project Ocean and explains why simple virtualization isn't enough of a goal for network transformation. Catch up with other BCE 2017 keynotes and news at http://www.lightreading.com/bce.asp.
LRTV Documentaries
BCE 2017: Intel's Take on Network Transformation

5|24|17   |     |   (0) comments


In this BCE 2017 keynote, Lynn Comp discusses Intel's vision for areas such as analytics, automation and service assurance. For more videos and BCE coverage, see http://www.lightreading.com/bce.asp.
LRTV Documentaries
Order From Chaos: The Steve Saunders BCE Keynote

5|24|17   |   17:27   |   (0) comments


Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability testing.
Think of this as the video sequel to the recent columns he's written about NFV and the prospect of a telecom app store. (See

LRTV Documentaries
Service Provider Panel: Partnering in the Digital Era

5|22|17   |     |   (0) comments


Coopetition has always been part of telecom, but the ecosphere now includes data centers, vendors, apps developers, cloud service providers and Internet content providers. This BCE 2017 panel explores the new attitudes among network operators as to the value and variety of ...
LRTV Interviews
Site Demo: AT&T's IoT Flow Platform

5|19|17   |   04:25   |   (0) comments


At AT&T's R&D center in Tel Aviv, Israel, project leader Eyal Segev talks about the operator's Flow platform and how it helps to prototype IoT applications.
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Cities Clamor for More Clout at FCC
Mari Silbey, Senior Editor, Cable/Video, 5/23/2017
What's Blocking 4K TV Today
Alan Breznick, Cable/Video Practice Leader, Light Reading, 5/22/2017
Sonus & Genband Finally Combine to Form $745M Company
Dan Jones, Mobile Editor, 5/23/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
TEOCO Founder and CEO Atul Jain talks to Light Reading Founder and CEO Steve Saunders about the challenges around cost control and service monetization in the mobile and IoT sectors.
Animals with Phones
What Brogrammers Look Like to the Rest of Us Click Here
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.