Pets could spread computer viruses

News

Researchers from Vrije Universiteit Amsterdam have proved that Radio Frequency Identification tags, such as those implanted in pets, could spread computer viruses.

Advances in Radio Frequency Identification (RFID) tags featured high on the agenda at CeBIT this year. But every technological breakthrough is rapidly followed by those seeking to exploit it. Researchers from

Vrije Universiteit

(VU),

Amsterdam,

have proved that RFIDs could spread computer viruses.

RFID tags are becoming increasingly ubiquitous, making ground in supermarket products, chemical storage, airport luggage tagging and implanted in pets and livestock. As these chips only have a limited memory capacity, it was widely assumed that they could not become infected with a computer virus. However, the VU researchers have now discovered that this is a real possibility and are investigating countermeasures.

PhD candidate Melanie Rieback and her supervisor Prof. Andrew Tanenbaum have found a way of placing a computer virus onto a RFID tag. A malicious virus writer could replicate this process as RFID programming devices are relatively easy to come by. This would mean that when an RFID was scanned, for example at a supermarket checkout or at the vet, the database behind it could become infected and could spread the virus through other scanned items.

The researchers cite an example of how one infected RFID tag is capable of disrupting an entire system with disastrous consequences. The airport at Las Vegas handles two million items of luggage per month. As from May 2006, RFID tags will be attached to cases to speed up the baggage handling process. If someone were to intentionally attach an infected RFID tag to his case, the entire system will be thrown into disarray. As soon as the case is scanned, the infected tag will be able to invade the airport’s central baggage database and all cases subsequently checked in will also become infected. On arrival at other airports, these cases will be scanned again and within 24 hours, hundreds of airports throughout the world could be infected. The perfect solution for smugglers and terrorists wanting to send suspicious luggage across the world without being noticed.

Fortunately, the threat of infection can be countered using standard measures. Rieback stresses that developers must check their RFID systems, and implement safety procedures and secure programme technology. Although these countermeasures will curb the threat posed by RFID viruses, extra time, money and effort will need to be spent on implementing them.