resource center
  See your link here
|
Subscribe to Computerworld IDG News Service - Three computer science researchers are warning that viruses embedded in radio tags used to identify and track goods are right around the corner, a danger that so far has been overlooked by the industry's high interest in the technology.
No viruses targeting radio frequency identification (RFID) technology have been released live yet, according to the researchers at Vrije Universiteit Amsterdam in the Netherlands. But RFID tags have several characteristics that could be engineered to exploit vulnerabilities in middleware and back-end databases, they wrote in a paper presented today at a conference in Pisa, Italy.
"RFID malware is a Pandora's box that has been gathering dust in the corner of our 'smart' warehouses and home," the paper stated.
The attacks can come in the form of a SQL injection or a buffer overflow attack even though the tags themselves may only store a small bit of information, the paper said. For demonstration purposes, the researchers created a proof-of-concept, self-replicating RFID virus.
Patrick Simpson, a master's student at the university, needed only four hours to write a virus small enough to fit on a RFID tag, something previously thought unworkable, said Andrew S. Tanenbaum, a professor at Vrije Universiteit Amsterdam. RFID tags can contain as little as 114 bytes of memory, he said.
Tanenbaum expects vendors to be angry about the publishing of the code. Vendors have dismissed the possibility of RFID viruses, saying that the amount of memory in the tags is too small, he said.
But the researchers did take precautions to ensure RFID viruses won't immediately circulate. They wrote their own middleware that mimicked traits of products on the market, said Melanie R. Rieback, one of the paper's authors.
"It's not like we are providing a cookbook for basically wannabe hackers to hack real RFID systems," Rieback said.
The homespun middleware connected to back-end databases from vendors such as Oracle Corp. and Microsoft Corp. along with open-source databases such as MySQL and Postgres, Rieback said. The experiment used RFID equipment from Philips Electronics NV, she said.
"It was actually quite interesting to see that some of the databases were susceptible to some kinds of attacks," Rieback said. "Other ones actually had natural protection mechanisms built in that made them more resistant."
The purpose of the exercise, the authors wrote, is to encourage RFID middleware designers to be more careful when writing code. Back-end middleware can contain millions of lines of source code, and if software faults number between six and 16 per 1,000 lines of code, the programs are likely to have many vulnerabilities, the paper said.
IDG.net
2007 Gartner Magic Quadrant Report
Riverbed positioned in Leaders Quadrant of Gartner Magic Quadrant for WAN Optimization Controllers. Analyzing strengths vs. cautions, Gartner helps organizations looking to acquire...
5 Best Practice Tips for Managing BlackBerry, iPhone, & Windows Mobile Devices
(Source: Zenprise) Mobile devices continue to proliferate across the enterprise, driven largely by the increase in worker productivity, efficiency, and flexibility they provide....
Forrester Consulting - Optimizing Users and Applications in a Mobile World
Are your workers going increasingly mobile? Don't wait for their calls to slam Support when they experience poor application performance on the road....
Managing Laptops Outside the Office
(Source: Absolute Software) In this webinar, learn how you can reduce costs by tracking mobile computers no matter where they are located. Featuring...
IT Best Practices: To Support or Not Support Consumer Owned Smartphones
Companies have historically standardized on a single smartphone platform. Of late, IT is facing pressure to support the increasing influx of consumer owned...
What Are 'Free' Remote Support Tools Really Costing You?
(Source: LogMeIn) In this webinar from LogMeIn, discover how "next generation" remote support tools are optimized to provide advanced capabilities like scripting, system...
Lennox Goes Mobile and Increases Service Performance by 50%
This white paper explains how Lennox remedied major system malfunctions with Aeroprise Mobility for BMC Remedy Service Desk on smartphones....
IT Strategies for Remotely Supporting a Distributed Workforce
(Source: Citrix Online) Today's workforce is a distributed one - workers across industries are telecommuting, working out of satellite offices and connecting into...
Realizing Rapid ROI Through Mobility
Companies are reaping the benefits from mobile CRM, field service and sales force automation processes with the latest Research In Motion (RIM) offerings....
Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....
Sign up to receive updates on the latest Mobile and Wireless resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
