Advances in Radio Frequency Identification (RFID) tags featured high on the agenda at CeBIT this year. But every technological breakthrough is rapidly followed by those seeking to exploit it. Researchers from Vrije Universiteit (VU),
RFID tags are becoming increasingly ubiquitous, making ground in supermarket products, chemical storage, airport luggage tagging and implanted in pets and livestock. As these chips only have a limited memory capacity, it was widely assumed that they could not become infected with a computer virus. However, the VU researchers have now discovered that this is a real possibility and are investigating countermeasures.
PhD candidate Melanie Rieback and her supervisor Prof. Andrew Tanenbaum have found a way of placing a computer virus onto a RFID tag. A malicious virus writer could replicate this process as RFID programming devices are relatively easy to come by. This would mean that when an RFID was scanned, for example at a supermarket checkout or at the vet, the database behind it could become infected and could spread the virus through other scanned items.
The researchers cite an example of how one infected RFID tag is capable of disrupting an entire system with disastrous consequences. The airport at
Fortunately, the threat of infection can be countered using standard measures. Rieback stresses that developers must check their RFID systems, and implement safety procedures and secure programme technology. Although these countermeasures will curb the threat posed by RFID viruses, extra time, money and effort will need to be spent on implementing them.