Trade Group Attacks RFID Virus Claims - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10:31 AM

Trade Group Attacks RFID Virus Claims

Researchers claim to have discovered a way to infect an RFID chip with a virus, but in fact they just built a poorly designed system, said an RFID trade association.

For instance, they stressed that most RFID applications, including EPC Gen2, look for specific kinds of data. Poor reader design might allow detection of a "rogue" tag, but a secure system will verify data against predefined parameters, as do current bar code systems.

The ability to insert a virus implies that a tag contains executable code that is recognized by software. This, they assured, is impossible with most RFID applications since specific kinds of data are sought and systems will either flag or reject anything that doesn't fit the data template.

Other industry reaction to the paper was mixed, but many agree it presented a wake-up call.

"With respect to the students involved, the paper as presented is rather weak," said Kevin Ashton, ThingMagic Inc. vice president, and co-founder of the Massachusetts Institute of Technology (MIT) Auto-ID Center. "The 'real' virus they claim to demonstrate in the paper is not a virus, just a self-replicating piece of SQL code."

The paper, however, does call attention to an obvious problem the software industry has faced for years, suggested Julie England, vice president at Texas Instruments. "Companies need to provide multilevel security and take responsibility for testing before releasing applications to the market," said England.

Last month, cryptographers reported weaknesses in the underlying RFID chips and hashing algorithms. In a panel discussion during the RSA Conference, Adi Shamir, professor of computer science at the Weizmann Institute, disclosed that he had recently applied power analysis techniques to crack passwords for the most popular brand of RFID tags.

At the same panel, Ron Rivest, who co-developed the RSA algorithms with Shamir, called for an industry effort to create a next-generation hashing algorithm to replace SHA-1, which is used broadly for computer security.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 2
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Is Cloud Migration a Path to Carbon Footprint Reduction?
Joao-Pierre S. Ruth, Senior Writer,  10/5/2020
IT Spending, Priorities, Projects: What's Ahead in 2021
Jessica Davis, Senior Editor, Enterprise Apps,  10/2/2020
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll