Article

2006-03-15 -Short Attention Span Theater-

Viruses can taint radio frequency ID tags

Archived material is restricted to Rantburg regulars and members. If you need access email fred.pruitt=at=gmail.com with your nick to be added to the members list. There is no charge to join Rantburg as a member.

Posted by Carmine 2006-03-15 00:00|| || Front Page|| [1 views since 2007-05-07] Top

#1 RFID chips don't recieve transmissions (to my knowledege), hence cannot 'spread' a virus. Typical MSM ignorance.

Posted by phil_b">phil_b 2006-03-15 06:07|| http://autonomousoperation.blogspot.com/]">[http://autonomousoperation.blogspot.com/] 2006-03-15 06:07|| Front Page Top

#2 Who ever wrote this NYT stroy need s to return to their job as a dishwasher. The don't get RFID. at all. They don't understand how they work or even what RFID is intended to be used for. Mind numbing stupidity.

Posted by SPoD 2006-03-15 06:54|| http://sockpuppetofdoom.blogspot.com/]">[http://sockpuppetofdoom.blogspot.com/] 2006-03-15 06:54|| Front Page Top

#3 The last three paragraphns contain actual information. It is amazing how often this is true in MSM scare stories:

"We have not found specific flaws" in the commercial RFID software, Tanenbaum said, but "experience shows that software written by large companies has errors in it."

The researchers have posted their paper and related materials on security issues related to RFID systems on the Internet at www.rfidvirus.org

The researchers acknowledged that inside information would be required in many cases to plant a hostile program. But they asserted that the commercial software developed for RFID applications had the same potential vulnerabilities that have been exploited by viruses and other malicious software, or "malware," in the rest of the computer industry.

Posted by Nimble Spemble 2006-03-15 07:19|| 2006-03-15 07:19|| Front Page Top

#4 OK, so you can write a "virus" that takes up less than 128 bytes. Nice job, but so what?

How's it spread? What's it do? Won't it be obvious when the RFID doesn't give the right return during testing?

Posted by Robert Crawford">Robert Crawford 2006-03-15 07:23|| http://www.kloognome.com/]">[http://www.kloognome.com/] 2006-03-15 07:23|| Front Page Top

#5 "software written by large companies has errors in it"

*snicker*

That's one of the dumbest statements I've ever read.

Posted by Glert Thetch2165 2006-03-15 07:34|| 2006-03-15 07:34|| Front Page Top

#6 experience shows that software written by large companies has errors in it."

Anyone who has worked in the software biz will, no doubt, find this a stunning revalation. I'm shocked.

Posted by SteveS 2006-03-15 08:58|| 2006-03-15 08:58|| Front Page Top

#7 and Articles written by Large News organizations often have errors.

Another shocking truth.

Posted by AlanC">AlanC 2006-03-15 10:36|| 2006-03-15 10:36|| Front Page Top

#8 lol, AC. You beat me to it.

Posted by BA 2006-03-15 11:18|| 2006-03-15 11:18|| Front Page Top

#9 How many errors can you fit into 128 bytes of glorified barcode?

Posted by Fred 2006-03-15 12:05|| 2006-03-15 12:05|| Front Page Top

#10 Depends on how big the company is, according to the article, lol.

Posted by Glert Thetch2165 2006-03-15 12:17|| 2006-03-15 12:17|| Front Page Top

#11 Anyone who has worked in the software biz will, no doubt, find this a stunning revalation. I'm shocked.

Personally, I'm shocked when a piece of code Does the Right Thing. But I'm a jaded bastard.

How many errors can you fit into 128 bytes of glorified barcode?

1024

Posted by Robert Crawford">Robert Crawford 2006-03-15 13:29|| http://www.kloognome.com/]">[http://www.kloognome.com/] 2006-03-15 13:29|| Front Page Top

#12 How many errors can you fit into 128 bytes of glorified barcode?

1024

No. The right answer is (2**1024) - 1 ie a number with over 300 zeros behind.

Posted by JFM">JFM 2006-03-15 13:59|| 2006-03-15 13:59|| Front Page Top

#13 How many errors can you fit into 128 bytes of glorified barcode?

1 ie a number with over 300 zeros behind

hey thatsa one big number..

Posted by RD 2006-03-15 14:54|| 2006-03-15 14:54|| Front Page Top

#14 No. The right answer is (2**1024) - 1 ie a number with over 300 zeros behind.

I was looking at individual bits, not trying to interpret them.

Posted by Robert Crawford">Robert Crawford 2006-03-15 14:59|| http://www.kloognome.com/]">[http://www.kloognome.com/] 2006-03-15 14:59|| Front Page Top

#15 Suddenly everyone is an RFID tech whizz? And launches into an 'indepth' analysis of the subject - "Mind numbing stupidity"

I never knew you were also such highly technical computer engineers.

Andrew Tanenbaum http://en.wikipedia.org/wiki/Andrew_S._Tanenbaum

Seems to know a thing or two about computers and I wager he has forgotten more about his field than you lot could ever muster. (Myself included)

More examples of your partisan hackery; ignorant of facts or any solid arguments in defence or otherwise.

"Mind numbing stupidity" - I'll say....

Posted by Trex 2006-03-15 16:11|| 2006-03-15 16:11|| Front Page Top

#16 Trex, so what's got your nickers in a twist? And if you can point to an error of fact or interpretation, go ahead and do so. Otherwise, take you pointless blather elsewhere.

Posted by phil_b">phil_b 2006-03-15 16:42|| http://autonomousoperation.blogspot.com/]">[http://autonomousoperation.blogspot.com/] 2006-03-15 16:42|| Front Page Top

#17 JFM, isn't the number of potential bugs 128! (128 factorial) since a bug could result from any number of the bytes in combination.

Posted by phil_b">phil_b 2006-03-15 17:11|| http://autonomousoperation.blogspot.com/]">[http://autonomousoperation.blogspot.com/] 2006-03-15 17:11|| Front Page Top

#18 T Rex can cite Wiki as a knowledgable source? *snort* no wonder you're extinct

Posted by Frank G 2006-03-15 17:22|| 2006-03-15 17:22|| Front Page Top

#19 What bugs me is that I enjoy a lot of the comments made here but get annoyed when the less eloquent post certain types of comment.

It actually worries me that so many here post with such lack of balanced perspective that they look as deranged, tainted and partisan as the extremists often discussed.

I'm not saying these views are not valid but they need to be balanced to be heard, understood and assimilated. Making comments like 'burn them all', 'kill all of them', 'nuke them' etc leaves me feeling the relevant posters are extremists themselves.

This devalues much of what is said and, indeed, Rantburg too.

This article prompted a similar 'gang' attack on a seemingly innocuous subject matter. Such that suddenly these computer scientists and the hack who wrote the story are dumb, stupid, etc. I mean what is the point of that?

Posted by Trex 2006-03-15 17:38|| 2006-03-15 17:38|| Front Page Top

#20 Trex, the point is the self-styled newspaper of record, published an articled riddled with errors and ignorance of the subject.

Otherwise, 'burn them all', 'kill all of them', 'nuke them' comments will get you redacted and in some cases trolled.

And finally 'balance' is a myth. It doesn't exist. The notion of balance embeds a spurious single continium of views model. Whereas there are any number of views possible on a particular issue - not restricted to a right/left (or any other) continium.

Posted by phil_b">phil_b 2006-03-15 17:51|| http://autonomousoperation.blogspot.com/]">[http://autonomousoperation.blogspot.com/] 2006-03-15 17:51|| Front Page Top

#21 Trex,

are you talkin to me.

/oh gawd where do they spring forth from

Posted by RD 2006-03-15 18:25|| 2006-03-15 18:25|| Front Page Top

#22 phil_b.

Nope. Each one of the 128 bit can take two states 0 ans 1. So 2***128. Then we substract one: the right solution.

Posted by JFM">JFM 2006-03-15 19:10|| 2006-03-15 19:10|| Front Page Top

#23 JFM, you are confusing bits and bytes. A byte can hold either an instruction or data. A single instruction or item of data cannot itself be a bug. A bug is always results from two or more instructions/data in combination. Hence the number of possible bugs is 128! (or 127!).

Posted by phil_b">phil_b 2006-03-15 19:30|| http://autonomousoperation.blogspot.com/]">[http://autonomousoperation.blogspot.com/] 2006-03-15 19:30|| Front Page Top

#24 "Now we get to the scary part. Now consider a malicious traveler who attaches a tiny RFID tag, pre-initialized with a virus, to a random person's suitcase before he checks it in. When the baggage-handling system's RFID reader scans the suitcase at a Y-junction in the conveyor-belt system to determine where to route it, the tag responds with the RFID virus, which could infect the airport's baggage database. Then, all RFID tags produced as new passengers check in later in the day may also be infected. If any of these infected bags transit a hub, they will be rescanned there, thus infecting a different airport. Within a day, hundreds of airport databases all over the world could be infected. Merely infecting other tags is the most benign case. An RFID virus could also carry a payload that did other damage to the database, for example, helping drug smugglers or terrorists hide their baggage from airline and government officials, or intentionally sending baggage destined for Alaska to Argentina to create chaos.... "

Posted by Trex 2006-03-15 20:14|| 2006-03-15 20:14|| Front Page Top

#25 Interesting that a search of the CERT site returns no hits on RFID.

I found some information here which was interesting - written from the system POV (primarily the data warehousing function which would be important in processing RFIDs):

How does the RFID function?
From a simplistic definition standpoint, an RFID tag consists of a transponder and an embedded silicon chip with encoded data. The tag is placed on an object, and when the object passes within range of an antenna broadcasting radio waves on a specific frequency, the transponder "wakes up" and sends the chips data to a transceiver, sometimes over distances up to 20 feet.

What does the transceiver do?
The transceiver collects the data from each RFID tag, decodes it and transmits it to a data store or central processing computer. From there, the data can be analyzed and used according to specific requirements.

What happens if a transponder receives bad data?
Bad data can be generated (theoretically) by a defective RFID tag or an RFID virus (let's hope not). Transponders must have change data capture logic programmed in, along with parallel authentication devices to ensure that the data from the RFID is indeed bad. We may want to capture this information and record the fact that the RFID is bad so it can be replaced. We may even want to know how to replace it and how to keep it from "infecting" other nearby RFIDs. We can take a lesson from the credit card processing companies here. In an active data warehouse, they have flags that signal possible fraudulent activities. A similar rating system might be employed to detect bad data from the RFIDs and to either re-program them remotely or shut them down. Either way, the transponders must be connected to an active data warehouse in order for these decisions to be made.

And a bit of practical info to flesh it out...
Two things that force changes to our architectures and designs are latency and volume. RFIDs are active on both fronts. Let's examine a hypothetical example to explore latency and volume.

Suppose we have a carton of candy bars, and each candy bar wrapper is tagged with an RFID tag. Now assume that the manufacturer has transponders at the plant, and the data from the transponders begins streaming into a centralized data warehouse the minute the candy bar is wrapped. Through the packaging process the candy bars are put in boxes (20 at a time). The boxes are then shrink-wrapped and put on a pallet for distribution. Let's say 500 boxes fit on a pallet. Now from one pallet alone, the transponders are receiving and transmitting data from 10,000 tags.

At this vendor's site the FAQ had some interesting bits:

If I use RFID in my processes, and the product is shipped to a customer containing some data I dont want shared, is there anything to prevent access to that data?

Answer: Yes, permanent memory locks within the computer chip can secure data at the byte level to prevent access of data to unauthorized users. Bytes left unlocked, can be re-written to 100,000 times. Bytes can be locked in the factory or in the field to protect data as it is entered along the supply chain. Data can also be encrypted or password protected if the application requires data security.

I suggest no arguments with this, just following up to see what the issues are - and if the proposed danger exists, and if so, how difficult will it be to secure. RFID is a developing technology - and all newbies have early days grief. Rapid adoption, without standards resolving the issues, is the real danger.

Posted by Glert Thetch2165 2006-03-15 20:55|| 2006-03-15 20:55|| Front Page Top

#26 One vulnerability exists if the receiving software is not correctly written. For instance, a common virus technique is to exploit software weaknesses in ways that cause a buffer overflow, i.e. write 'data' into unintended areas of the program in memory. That 'data' can either simply cripple the program or, more subtly, consist of other instructions to execute.

In this case, the most likely scenario suggested by this research is that information either gets spoofed or gets corrupted in a shared database.

This particular type of exploit can be prevented, if the receiving software is tightly written. The point of the research is that many people assume there is no vulnerability and therefore it's quite possible their programs are open to potential exploitation.

And BTW Trex, a few of the people commenting in this thread are computer scientists themselves, or seasoned software practitioners and/or electrical engineers. ;-)

Posted by lotp 2006-03-15 21:13|| 2006-03-15 21:13|| Front Page Top

#27 This is the study referred to.

Although note, it can only work with (radio)rewritable RFIDs. My knowledge of this technology is a few years out of date, but all RFIDs used to be read only.

Rewrittable RFIDs are IMHO a highly questionable technology. Open to all kinds of abuses.

Posted by phil_b">phil_b 2006-03-15 22:03|| http://autonomousoperation.blogspot.com/]">[http://autonomousoperation.blogspot.com/] 2006-03-15 22:03|| Front Page Top

23:57 gromgoru
23:57 JosephMendiola
23:52 tipper
23:52 2b
23:48 2b
23:47 trailing wife
23:43 3dc
23:42 3dc
23:40 Frank G
23:40 Frank G
23:34 Frank G
23:32 gromgoru
23:28 JosephMendiola
23:25 gromgoru
23:23 Glert Thetch2165
23:22 gromgoru
23:17 Glert Thetch2165
23:16 Pappy
23:14 Glert Thetch2165
23:14 Captain America
23:12 Captain America
23:04 Alaska Paul
22:51 BA
22:49 badanov