Three Computer Science researchers are warning that viruses embedded in radio frequency identification tags used to identify and track goods are right around the corner.
No RFID viruses have been released live as of yet, according to the researchers at Vrije Universiteit Amsterdam in the Netherlands, but RFID tags have several characteristics that could be engineered to exploit vulnerabilities in middleware and back-end databases, they wrote in a paper presented recently at a conference in Pisa, Italy.
“RFID malware is a Pandora’s Box that has been gathering dust in the corner of our ‘smart’ warehouses and home,” the paper stated.
The attacks can come in the form of a SQL injection or a buffer-overflow attack, even though the tags themselves may only store a small bit of information, the paper said. For demonstration purposes, the researchers created a proof-of-concept, self-replicating RFID virus.
It only took four hours for a master’s student at the university to write a virus small enough to fit on an RFID tag, something previously thought unworkable, said Andrew S. Tanenbaum, a professor at Vrije Universiteit Amsterdam.