RFID Tags With Viruses – Remote Possibility but Possible

I had to really think and ponder if it was worth informing you of this news – that RFID tag information could be programmed to contain a virus or malicious code which could corrupt (or worse maybe) an RFID database.
However, I think that for those of you who are considering or who have implemented RFID technology in your business (tracking products, inventory, etc) you need to at least have a fair chance and be ALERT to the possibility of viruses – that a study uncovered.
Cnet writes Out of Amsterdam this week came a study entitled “Is your cat infected with a computer virus?” It was conducted by Melanie R. Rieback, Bruno Crispo, and Andrew S. Tanenbaum from Vrije University in Amsterdam. Andrew S. Tanenbaum, professor of computer science, is the author of the Minix operating system. In addition to presenting their work, the authors have launched a Web page of known RFID threats.
Basically, the authors say in their 10-page paper that RFID systems can be exploited; like all software, there’s definite potential for vulnerabilities to be found and exploited in the software back end of the RFID system. The authors found that RFID viruses could be used to corrupt whole databases controlling the back end of the RFID technology using buffer overflows and SQL injections–two methods already used in computer crimes. As the United States and other countries move toward embedding RFID tags into passports, allowing them to be scanned at a distance as the passenger deplanes, the authors of this study would like to see some best practices adopted first.