NEWS FROM THE LAB - Thursday, March 16, 2006

F-Secure Anti-Virus for Cats Posted by Antti @ 06:39 GMT

Andrew Tanenbaum and his students just published a paper on the possibility of self-replicating RFID viruses (PDF). The paper is titled "Is Your Cat Infected with a Computer Virus?". MSNBC also has a story on this.

RFID tags, as you may know, are small radio chips that can be placed on inanimate objects, animals or even humans. Once in place, a specialized reader can read the tag from tens of meters away. The technology can be used to track luggage at airports or to automate store checkout systems, among many other things. It's already quite common to tag family pets for easy identification (hence the title of the paper).

F-Secure Anti-Virus for Cats

The paper presents an attack where the tags carry a small amount of data (127 characters) that will infect the RFID reader. More precisely, they use an SQL injection attack against an Oracle database backend that interfaces with the reader. The reader will then continue to infect all new tags it sees. Luckily, this is currently only a proof-of-concept attack, even though it's a scary idea.

As a side note, did you know that RFID tags are also used to fight />=3 the H5N1 avian influenza? I bet the clever people who thought of that never saw this one coming.