The coming era of tracking goods and pets--and perhaps people--with radio-frequency identification (RFID) tags not only carries the danger of privacy violations, but also of new vectors for computer viruses, four computer scientists argued on Wednesday in a paper presented at the IEEE Conference on Pervasive Computing and Communications.
The paper--dramatically titled Is your cat infected with a computer virus?--outlines the potential risks of exploit code and simple viruses using the typically less than 1KB of memory contained in everyday RFID tags. The data, when read by an RFID reader and saved to a backend database, could exploit vulnerabilities in the database, scripting languages, or the "glue code" that connects the reader to the database, according to the paper.
The concerns come as privacy advocates and civil libertarians increasingly worry about the impact that RFID tags will have on society. Even though leaks of RFID data have already occurred, a variety of companies and government agencies--including the U.S. Department of Defense--are looking to track inventory and people with the tags. And while the debate rages over national identity cards, a national directory of RFID tags is in the works.
While no specific vulnerabilities are outlined in the paper, other security experts have criticized RFID systems for their lack of precautions. An attacker could crash the database driving a supermarket checkout system, spread viruses through the RFID chips placed in pets for identification, and used luggage tags to disrupt airport security measures.
Posted by: Robert Lemos