Thursday, March 16, 2006

RFID viruses

Computers and communication devices shrinked down at a very fast rate to the size of RFID and MEMS. RFID is a small computer-in-chip, that can be knitted with many things that we want to track. RFID transponders are usually no power circuits (not always), they are powered by an external reading device, called RFID reader. Usually RFID reader can sense only the RFID within some 50m distance. An RFID reader deciphers the query passed by the RFID transponder, to recoganize its properties. It has many application from tracking trucks to identifying your passport.

Since RFID is a computer, it can also spread virus. RFID attacks have become as common as RFIDs. Most of these attacks are normally fake RFID. That is RFID tags, that are doctored to carefully to send properly formatted, but fake data to the reader. This can result in identification problems, and mislocation problems. The attacks also include sniffing, spoofing, and even denial of service. But so far, all the RFID attacks are classified only in this category. But all these attacks are just admonitions. RFID tags can actually be used to host some serious SQL injection attacks. So the software writers for RFID readers should make appropriate security checks in its middleware to avoid these attacks. A recent whitepaper has actually shown a proof of concept of how an SQL injection can be done using RFID.

This threat is really serious and should be taken care of. Because it is very, very difficult to find and nail the hacker, who exploited the loophole. It is not internet, that you can track her through IP-address or machine address and the attacker would still keep the connection with that device or service provider. So before RFID breaks the digital divide and spreads to everybody, all these issues have to be tackled.

No comments:

Post a Comment