Computerworld is reporting the first demo of a self-replicating RFID virus. There is no immediate danger of falsely reported inventory or any other disaster, but it is a heads-up for the companies to be careful and take steps to secure the applications.
RFIDVirus.org states:
“Here is where the trouble comes in. Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software, and certainly not in a malicious way. Unfortunately, they are wrong. In our research, we have discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be (intentionall) infected with a virus and this virus can infect the backend database used by the RFID software. From there it can be easily spread to other RFID tags. No one thought this possible until now. Later in this website we provide all the details on how to do this and how to defend against it in order to warn the designers of RFID systems not to deploy vulnerable systems.”
That is one scary thought. Read more …
