Monday, March 20, 2006

RFID Viruses? More Hype than Horror

In a world where technology remains arcane to most, some would have us believe a boogieman lurks behind every microchip, that a looming techno-enabled disaster is one keystroke away, and every innovation carries with it the potential to usher in the End of the World as We Know It. Enough real threats do exist in the form of viruses, worms, Trojans, spyware, and other malware that such claims are given credence in the eyes of the uninformed, and it becomes easy to get caught up in the hysteria when new reports of cyber-terrorism arise.

We saw this phenomenon recently when the Kama Sutra worm spread around the globe. Many claimed that piece of malware would be the equivalent of the Black Plague for the world’s computers, but that worm’s dreaded deadline came and went without the expected dire results.

Radio frequency identification (RFID) technology has been the target of doom prophets almost from the moment it arrived on the scene. Conspiracy theorists have used RFID to foment talk of secret military programs established to implant tracking chips in innocent civilians, or devious marketeers riding shotgun in black helicopters alongside their evil government counterparts, tracking shoppers all the way home courtesy Big Brother’s latest and greatest scheme.

The most recent example of such overwrought fear-mongering comes in the guise of a paper, written by a group from the University of Amsterdam entitled "Is Your Cat Infected with a Computer Virus?"

This paper theorizes that it is possible for an RFID tag to carry a virus and, in exceptional circumstances, to spread that virus via vulnerable RFID readers and middleware.

The problem with this paper, written in academic style to create a sense of credibility, is that it is full of assumptions and based on highly specific conditions that must be met in order for such a virus to be created and have any hope of spreading.

Most folks in the RFID industry are calling balderdash on this paper.

The code described in "Is Your Cat Infected with a Computer Virus?" works only within the environment constructed specially for the purpose by the authors of the paper. There are no known vulnerabilities in any middleware system similar to those described in the paper.

Because the authors failed to find an exploitable vulnerability in any RFID systems, they deliberately build a system that would allow their virus to spread.

To be fair, the authors claim their paper is offered mostly as a proof of concept, and it is theoretically possible for any data storage device can carry viral code, but that does not mean the virus will be able to spread successfully on its own and, in this case, the authors of Is Your Cat Infected failed to show that an RFID virus can actually spread in the real world.

There are plenty of actual threats to worry about that we don't need to get caught up in the hype of bogus hazards like the RFID virus.

At least not yet…


Post a Comment

Links to this post:

Create a Link

<< Home