A group of European computer researchers have demonstrated that it is possible to insert a software virus into radio frequency identification tags, part of a microchip-based tracking technology in growing use in commercial and security applications.
In a paper to be presented today at an academic computing conference in Pisa, Italy, the researchers plan to show how it is possible to infect a tiny portion of memory in the chip, which can hold as little as 128 characters of information.
Until now, many computer security experts have dismissed the possibility of using such tags, known as RFID chips, to spread a computer virus because of the tiny amount of memory on the chips.
The tracking systems are intended to improve the accuracy and lower the cost of tracking goods in supply chains, warehouses and stores. Radio tags store far more data about a product than bar codes and can be read more quickly. They have even been injected into pets and livestock for identification.
The chips have already raised concerns over privacy and surveillance, given their tracking ability. Now the researchers have added a series of prospects, including the ability of terrorists and smugglers to evade airport luggage scanning systems that will use RFID tags in the future.
In the researchers' paper, "Is Your Cat Infected With a Computer Virus?," the group, affiliated with the computer science department at Vrije Universiteit in Amsterdam, also describes how the vulnerability could be used to undermine a variety of tracking systems.
The authors ask: Is your cat infected with a computer virus? They say that it might be. Many pets, as well as commercial livestock, have been injected with a tiny microchip that can identify them if they get lost (pets) or are later found to harbor disease (livestock). Up until now, no one thought these microchips, called RFID tags, could themselves be infected with computer viruses. Now researchers at the Vrije Universiteit have discovered that computer viruses in animals, supermarket products, airline baggage and other physical objects are a real threat. Fortunately, the VU researchers have also produced some countermeasures that companies can take to prevent these RFID viruses from attacking.
RFID tags are tiny, inexpensive microchips that can be attached to physical objects, such as products in a supermarket, or injected into animals. When a specialized kind of chip reader attached to a computer sends out a radio wave on a certain frequency, all RFID tags within range respond to it by identifying themselves. The retail sector, for example, is planning to replace the now-familiar bar code with RFID tags in the coming years because RFID-tagged products can be scanned much faster and more accurately than products with bar codes. In some cases, the scanning will be automatic: as the customer walks out of the store, all the products he or she has will be scanned, along with the customer's bank or credit card. The charge will then appear directly on the bank or credit card statement, with no human intervention. Walmart, the world's largest store, is planning to introduce RFID chips in the next few years, which will result in many manufacturers putting RFID tags on their products.
RFID tags are also being used for many other applications, including public transit tickets, toll payments on highways (EZ-pass), pet and livestock tracking, baggage management at airports, ski-lift passes, and many more.
These tags, which are already controversial due to their unresolved privacy issues, now face a new problem: computer viruses. Researchers at the Vrije Universiteit in Amsterdam have discovered how to put a computer virus on an RFID tag, something previously thought impossible due to the tag's limited memory.
Melanie Rieback, a Ph.D. student supervised by Andrew Tanenbaum, gave a live demonstration of an RFID virus on 15 March at the Fourth Annual IEEE Conference on Pervasive Computing and Communications (IEEE PerCom) in Pisa, Italy. Rieback's paper, entitled 'Is Your Cat Infected with a Computer Virus,' provides the first-ever exposition of RFID malware (viruses, worms, and related digital pests). Her paper, a candidate for the Best Paper Award, explains how attackers can use RFID tags to compromise the databases used by all RFID applications (for example, the supermarket's product and price database). The attacks exploit the same software weaknesses that PC viruses and worms do and can have the same devastating consequences.
Once a single infected RFID tag is injected into the system, the virus can spread. Here is an example scenario: starting in May 2006, the Las Vegas airport, which handles 2 million bags a month, will start using RFID tags to label baggage in an attempt to speed up baggage handling. A malicious individual could put an infected RFID tag on his suitcase (or someone else's suitcase). The bag will be scanned when approaching a Y-junction, to determine which direction it should go. However, the mere act of scanning could infect the airport's baggage database, and as a result, all bags checked in afterward could receive infected baggage labels. As these bags move to other airports, they would be rescanned -- and within 24 hours, hundreds of airports could be infected worldwide. A smuggler or terrorist using this technique could hide baggage from airline and government officials. Or a recently fired airline employee could get revenge on his ex-employer by routing its bags destined for Greece to Siberia.
Fortunately, there are a number of relatively standard countermeasures that can reduce the threat of RFID viruses. Rieback's paper emphasizes that RFID developers need to conduct audits, and must not neglect to apply safe programming and good security practices. However, while countermeasures can help reduce the threat of RFID viruses, they take time, people, and money to implement. Therefore, it is essential that RFID developers and deployers check the security of their RFID systems now -- before their software achieves widespread deployment.
More information about RFID viruses can be found on the World Wide Web at www.rfidvirus.org. The IEEE PerCom paper 'Is Your Cat Infected with a Computer Virus' is located here. Additionally, the VU research team has conducted extensive work on RFID security and privacy protection, resulting in the RFID Guardian, a personal device for RFID privacy management. The RFID Guardian project homepage is located here.