Download - Researchers craft first RFID virus
R E L A T E D C O N T E N T
Similar articles
Western Europe slowly waking up to RFID
Build your own RFID-blocking wallet
Legal fears hold back RFID adoption
vnunet.com Asia news wrap: 27 January 2006
Experts unconcerned by RFID virus
Apple fixes 'extremely critical' OS X flaws
Windows graphics bug
Researchers craft first RFID virus
RFID systems open to viruses
Tom Sanders in California, vnunet.com 15 Mar 2006
Researchers at the VU Amsterdam universityclaim to have crafted the world's first RFID viruses and worms.
Organisations are using or looking to use the wireless identification tags at checkout stands in stores, for inventory control in warehouses or for luggage tagging and routing at airports.
In an airport scenario, one maliciously crafted tag on a suitcase could infect the
ADVERTISEMENT
Register | Update details
Business | Business hardware | Business software | Communications | Employment & Skills | Public sector | Security | More...
News Search Site map >
IT Week > News > Hacking Print : Discuss : Send to friend
J O B Z O N E
Related jobs
Embedded Linux Development Engineer Cambridge - £30,000 £43,000 - £30,000 -£43,000 + BENEFITS, EWRS103108
2 Senior Visual Basic Developers to train into VB.Net - £30,000 plus
Job of the week
Network Systems Engineers / Architects.How would you like to work for a Microsoft Gold Partner on some of the most innovative projects of our time? RM plc is the market leader in providing IT software and solutions to educational establishments, using cutting edge technology to deliver the highest possible quality products.
View UK websites
HOME NEWS REVIEWS COMMENT BLOG JOBS SUBSCRIBE
Page 1 of 4Researchers craft first RFID virus - IT Week
3/16/2006http://www.itweek.co.uk/vnunet/news/2152061/researchers-craft-first-rfid
ADVERTISEMENT
opens backdoor
Virus writer steals £70,000 in three days
Patches rain down on OS X
More stories
News centre
News
Analysis
Comment
Features
Special reports
The past seven days' news
News on your PDA
Forums
Email newsletters
RSS feeds
More from vnunet.com
Credit card providers unite against child pornography
Users choke on price of Apple's first iTunes movie
Microsoft takes on pirate software sellers
scanning system, which could then be instructed to spread the exploit code to all suitcases in the system. This could cause a global RFID infection within 24 hours, researcher Melanie Rieback cautioned.
As the wireless tags are scanned, a specially crafted tag could inject infected code into the middleware, exploiting security vulnerabilities in components such as the web server or database, researcher Rieback demonstrated on Wednesday at the IEEE Conference on Pervasive Computing and Communications in Pisa, Italy.
The tag could also embed javascript to execute code on RFID systems incorporating web based components. The Javascript code could instruct the system to surf to a specific internet address hosting a malicious payload, or for instance format the system's hard drive.
Another possible attack method would be to launch a buffer overflow attack against the RFID reader. The sensor networks typically don't expect buffer overflow attacks because an RFID tags offers only a limited storage capacity, but it could be used to cause a system crash.
RFID worms require careful programming. Because of the limited storage space available, attackers will most likely create code that instructs the system to download additional exploit code off the internet.
Rieback recommended that software engineers pay close attention to how they design RFID systems. They should use security practices that are common in other software implementations, such as limiting privileges for applications and the removal of features that aren't required.
The university has published a special website on RFID viruses, which also offers a ten-page paper on the subject that has been submitted to the IEEE.
Also read: Experts unconcerned by RFID virus
Permalink for this story | View trackbacks to this story
Trackback URL: http://www.itweek.co.uk/actions/trackback/2152061
M A R K E T P L A C E
VB.Net - £30,000 plus benefits including a final salary pension, staff shop, fl, Staffordshire
Embedded Software-C/C++/Java/DSP-Hampshire - £Neg/Market Rates, Hampshire
Search for a job
Page 2 of 4Researchers craft first RFID virus - IT Week
3/16/2006http://www.itweek.co.uk/vnunet/news/2152061/researchers-craft-first-rfid
Enterprise VaultSimplify Email/PST & File Mgmt White Paper, Webcast & Demo
VeriSign 128-Bit SSL Web Site EncryptionLooking for SSL? Turn to the SSL experts. Protect your servers with 128-bit SSL encryption from VeriSign. Register for your free Internet security guide today. Click here.
DeviceWall removable media securityStop internal security breaches by preveting unauthorised USB sticks, iPods, PDAs and other removable media devices connecting to the corporate network.
ThreatSentry IIS App Firewall + Host IPS.ThreatSentry Host IPS + Application Firewall features advanced behavioral anomaly defense engine to protect IIS against new and progressive attack techniques, block unwanted traffic and expand defense-in-depth. $399 per server. Free 30-day trial.
Software Security Training CoursesLearn how to break software security in a two day training course aimed at software testers and software managers. Courses are being held throughout the UK in 2006.
Have your product or service listed here >
Business Directory
Find and evaluate companies with a click
Business Continuity Business Process Management CRM Solutions Computer Recycling Content Management Solutions Data Storage Solutions Document Management Solutions eCommerce Solutions ERP Solutions IT Consulting IT Finance & Leasing IT Security IT Solutions IT Support IT Training Managed Services Mobile Working Network Solutions Phone Systems & Services Public Relations Recruitment Agencies Software Solutions VoIP Web Conferencing Web Design Web Hosting
Sponsored links
Tax expertise for contractors Register for the Computing Web Seminar: IT
Governance: Driving value through business and IT alignment.
HP Mobility Resources and White Papers. FREE to download!
F E A T U R E D J O B S
Page 3 of 4Researchers craft first RFID virus - IT Week
3/16/2006http://www.itweek.co.uk/vnunet/news/2152061/researchers-craft-first-rfid
Information Security SpecialistsPortsmouth | DSTLInformation Security Specialists, Up to £44,000 Based in Malvern, Worcs. or Portsdown West, nr. Portsmouth As the centre of technological excellence for the MOD, Dstl provides world-class scientific advice that gives UK Armed Forces the winning... more >
Applications Business Support OfficerPortsmouth | Portsmouth City CouncilCorporate Resources & Services (ICT) INFORMATION COMMUNICATION TECHNOLOGY SERVICES APPLICATION BUSINESS SUPPORT OFFICER Salary: £22,512 - £30,747 pa (increment pending 1ST April 2006) We require an additional full time Application Business Support Officer.... more >
Senior DevelopersUnited Kingdom | vnucompuk Display Ads for FIS Software LTDFIS Software LTD. A number of opportunities have arisen within FIS Software Test Team and Developers. Successful candidates will join a highly successful and established team of staff based in our head office located in Cardiff... more >
Senior Database Administrator/DeveloperCornwall | Barkers Human Resources Advertising Ltd for Cornwall County CouncilSenior Database Administrator/Developer Grade I £20,157 - £26,157 p.a. - Full-time 37 hours p.w. Based in Truro, Cornwall You’ll join the Information Services Group, where we spend varied days providing, supporting and maintaining effective ICT systems.... more >
More job opportunities
Useful links: About vnu network | Privacy policy | Terms & conditionsAccess keys | Top of page | Feedback © 1995-2006 All rights reserved
part of
Page 4 of 4Researchers craft first RFID virus - IT Week
3/16/2006http://www.itweek.co.uk/vnunet/news/2152061/researchers-craft-first-rfid