RFID Proof of Concept Virus
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: RFID Proof of Concept Virus

  1. #1
    Senior Member OverdueSpy's Avatar
    Join Date
    Nov 2002
    Posts
    556

    RFID Proof of Concept Virus

    Granted - Not an emergency at this point. But I wonder about badge access to computer rooms or other "secure" work areas. Or the potential to create back doors via inventory management tags/software etc.

    Reference: http://www.networkworld.com/news/200...s-viruses.html
    RFID tags are subject to viruses, study says
    Study finds that RFID tags have several characteristics that could be engineered to exploit vulnerabilities in middleware and back-end databases.
    By Jeremy Kirk, IDG News Service, 03/15/06

    Three computer science researchers are warning that viruses embedded in radio tags used to identify and track goods are right around the corner, a danger so far overlooked by the industry's high interest in the technology.

    No radio frequency identification (RFID) viruses have been released live of now, according to the researchers at Vrije Universiteit Amsterdam in the Netherlands. But RFID tags have several characteristics that could be engineered to exploit vulnerabilities in middleware and back-end databases, they wrote in a paper presented Wednesday at a conference in Pisa, Italy

    "RFID malware is a Pandora's box that has been gathering dust in the corner of our 'smart' warehouses and home," the paper stated.

    The attacks can come in the form of a SQL injection or a buffer overflow attack even though the tags themselves may only store a small bit of information, the paper said. For demonstration purposes, the researchers created a proof-of-concept, self-replicating RFID virus.

    It only took a master's student at the university, Patrick Simpson, four hours to write a virus small enough to fit on an RFID tag, something previously thought unworkable, said Andrew S. Tanenbaum, a professor at Vrije Universiteit Amsterdam. RFID tags can contain as little as 114 bytes of memory, he said.

    Tanenbaum expects vendors to be angry about the publishing of the code. Vendors have dismissed the possibility of RFID viruses, saying that the amount of memory in the tags is too small, he said.

    "You publish all of the code on the Web site, and all of [a] sudden, [vendors] are going to start panicking," Tanenbaum said. "This hopefully will make them take it seriously. This is a wake-up shot before this stuff is deployed in a large scale."

    But the researchers did take precautions to ensure RFID viruses won't immediately circulate. They wrote their own middleware that mimicked traits of products on the market, said Melanie Rieback, one of the paper's authors.

    "It's not like we are providing a cookbook for basically wanna-be hackers to hack real RFID systems," Rieback said.

    The homespun middleware connected to back-end databases from vendors such as Oracle and Microsoft along with open source databases such as MySQL and Postgres, Rieback said. The experiment used RFID equipment from Philips Electronics NV, she said."

    It was actually quite interesting to see that some of the databases were susceptible to some kinds of attacks," Rieback said. "Other ones actually had natural protection mechanisms built in that made them more resistant."

    The purpose of the exercise, the authors wrote, is to encourage RFID middleware designers to be more careful when writing code. Back-end middleware can contain millions of lines of source code, and if software faults number between six to 16 per 1,000 lines of code, the programs are like to have many vulnerabilities, the paper said.

    RFID tags are increasingly being used in a variety of industries to track items and give a real-time view of inventories. The tags contain data on a particular object or, in some cases, embedded in animals, and that data is typically stored in a database.

    Companies can save money by using the tags to keep closer tabs on their property. However, this "pervasive computing utopia has its dark side," the authors wrote.

    RFID systems may be attractive to criminals since the data contained on them may have a financial or personal nature, such as information stored on digital passports. In addition to causing damage to computer systems, RFID malware may have an effect on real-world objects, the paper said.

    Airports are looking to RFID tags to better track baggage. But Tanenbaum warned that this application could pose a large problem if an RFID tag is read and delivers a much larger set of data in return.

    A false tag on a piece of baggage could exploit a buffer overflow, delivering a virus to the RFID middleware, according to Tanenbaum. Once the virus code is on the server, it can infect the databases and corrupt subsequent tags or install "backdoors" - small programs that allow for the extrication of data over the Internet, he said.

    "You can hide baggage," Tanenbaum said. "You can reroute baggage to the wrong place - all kinds of mischief. That's I think a very, very serious thing that even has national security implications."

    The IDG News Service is a Network World affiliate.
    The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    You can read the entire thing on http://www.rfidvirus.org . I read it..

    RFID exploit exploiting the reader.. possible..
    RIFD exploting the database.. possible.. but you would need to know the db.. what tables.. items etc.. probably needs an inside job or a high level knowledge of the system..
    RFID infecting the db and every "new" RFID.. not very likely.. if that would work you would have have to have the crappiest piece of programming in the world..

    My collegues actually know her.. Just as then they still consider everything she says.. BS of the first order.. Personally I don't know her but if she passes her grade with that piece of ... Anybody here on AO, including the newbies and the n00bs can pass it..

    In short.. RFID exploit.. Yes.. RFID virus/worm.. Next to impossible...
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member OverdueSpy's Avatar
    Join Date
    Nov 2002
    Posts
    556
    Thanks for the info SirDice.

    I assuredly don't proclaim to be an expert in this area, so I appreciate any input.
    The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I just don't want to be paying $10,000 for my dozen eggs and a pint of milk....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Banned
    Join Date
    Mar 2006
    Posts
    78
    heh... The funny thing is I was just talking out of my @$$ the other day when I was explaining to a friend how it would be possible to do this. Some theory was used but not much. Anyway... As I assumed someone would eventually write something.

    I just can't wait until a guy hits an onstar database and has cops arresting all types of people who are driving their own cars.

    The only thing I actually don't agree with is: Back-end middleware can contain millions of lines of source code, and if software faults number between six to 16 per 1,000 lines of code, the programs are like to have many vulnerabilities, the paper said.

    That is actually a bit high. I believe it is suppose to be 3-5 normally per 1,000 lines of code. I might be wrong, but that number is stuck in my head from I wanna say 2 or 3 books. But, it is kicking me right now.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    RFID exploits don't surprise me in the least. While the chick may be loaded with BS, this article supports what I've been suspecting for the last 6 months. Hand helds and new mobile/commerce technologies will be the next front in the exploit/theft arena. How many blue tooth devices do you think are sitting in a starbucks at any time, loaded with personal info? Yes, that's a retoricle question.


    Now, when will Walmart end up on the losing end of something like this?


    Good grab.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I was at a conference in Vegas last week. I was having a few brews with some major vendors in my current arena and we seriously discussed turning back the clock, so to speak. Simplifying and downsizing our respective IT operations. Heavy government regulation, risk transpired through that very regulations designed to protect information, and the risk of customers leaving etc. Very interesting. The driving forces of business these days are systems designed to mitigate regulation concerns. By removing technology we eliminate the regulators, the risk and the profits. But now the cost of compliance and legal protection is beginning to outweigh the benefit.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    Maybe a single RFID tag may be too small to contain much of a malware package, but lets say a truckfull of items with tags is coming into a warehouse (a few bytes x 1000 items in truck). Each contains a few bytes of code and exploits a fault in the middleware. The last item in the truck has the final execute code.

    Boom.

    That may be tough to figure now, but give some demon intelligence the time and it would be a reality.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm,

    I don't see it as a real threat right now, mainly because the technology is still too primitive and the media is too limited in its storage capacity. For an overflow to work, it still has to be capable of executing something at the end of the day.

    It is a bit like the earlier generation of cell phones...................they couldn't handle sufficient code for anything seriously malicious.

    As for airlines sending luggage to the wrong place..............hell, they have been able to do this long before RFID

    Obviously we need to keep an eye on things as technology becomes more sophisticated.


  10. #10
    Member ams2d's Avatar
    Join Date
    Aug 2001
    Location
    Indianapolis
    Posts
    58
    A related news article about this subject:

    Viruses leap to smart radio tags

    Thanks for the link to the full text SirDice very interesting read.

    The mantra should always be "Nothing is secure" especially when developing new technology.

    I just don't want to be paying $10,000 for my dozen eggs and a pint of milk
    True feels like we do that now to fill our vehicles
    Wise men talk because they have something to say;
    fools, because they have to say something.
    Plato

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •