RFID Tags Not Virus-Proof?
There’s just enough memory on radio frequency identification (RFID) tags to insert a computer virus, according to a group of European computer researchers. Computer experts had previously held that the tracking technology couldn’t accommodate a virus. But the group, which is affiliated with Vrije Universiteit in Amsterdam, The Netherlands, gave a report last week in Pisa, Italy, that aimed to show the threats of an RFID virus.
The software chips are used to track products from supplier to retailer. When a retailer’s supply is running low, it can rely on the tag to tell it so. They can be read quicker than bar codes and store more information.
Many companies in the horticulture industry have not started using the tags yet because of the costs associated with them. Companies must have additional personnel to install the software and the software itself — tags, wave-emitting transponders and readers necessary for product communication. The horticulture industry’s products are also less uniform than those in other industries. The products don’t come out of a mold; it’s difficult to tag for a variable plant size, weight or consistency.
A virus might affect the accuracy of supply and pricing information or throw off a grower’s inventory. It would upset a system that took time and money to implement, and it would reduce the trust in a fairly new product, the research stated.
Some large growers are just starting to budget for an RFID system. It might be more efficient than past software, the group reports, but their paper claims that RFID may not come free of flaws.
“While the idea of RFID viruses has surely crossed people's minds, the desire to see RFID technology succeed has suppressed any serious consideration of the concept,” the group reports. “Furthermore, RFID exploits have not yet appeared “in the wild” so people conveniently figure that the power constraints faced by RFID tags make RFID installations invulnerable to such attacks.”
The report did offer some hope for prevention of attacks: Scrutinize the data and the program code. If something doesn’t seem right, check it out. The widely distributed commercial RFID software may be more trustworthy than the “home-grown” kind.
RFID Journal promotes the use of the technology and, on its Web site, says, “virtually every company on Earth will be required to use RFID in one way or another to remain competitive in the global market.”
The report and the conference in Italy weren’t telling companies not to use the system; they were offering a warning of possible threats.
“Our main intention behind this paper is to encourage RFID middleware designers to adopt safe programming practices. In this early stage of RFID deployment, (software) developers still have the opportunity to lock down their RFID systems, to prepare them for the attacks described in this paper.”