by Playfuls Staff |
16th March 2006
After the previous concerns raised by the use of Radio Frequency Identification tags because of their potential vulnerability to viruses, researchers have now announced that the previous approach was a bit too far-fetched and that the danger is not as big as stated in the Amsterdam researchers' study. [more]
According to the British security leader Sophos, the initial study performed at the University of Amsterdam was theoretical and "full of assumptions that have to be realised before it is possible to create a virus that will use RFID tags to spread".
"There are no known vulnerabilities like that in any real RFID middleware system", Graham Cluley, senior techie at Sophos, said. The researchers "had to deliberately build a system with a problem for their virus to spread. Any data storage device can carry virus code but it doesn't necessarily mean that the virus would be able to spread successfully. In this instance, the researchers failed to show how an RFID virus could spread in the real world." He added the fact that Windows desktops and servers are the real battleground for viruses battles, "not the aisles of the supermarket or at the vets when you get your pet cat chipped".
According to Adam Jura, analyst for manufacturing technology at Datamonitor, the news of the virus could yet have a positive effect by helping to focus both vendors and users' minds on the security issues around the track and trace technology.
"At the moment, RFID isn't mainstream – we're still in the early adopter phase, so a virus would have very little impact. The best impact [the research] could have would be to get people to look at the security implications around RFID", Jura told silicon.com
Security companies have also been quick to advise users that the potential threat from RFID viruses is minimal and any potential virus will have a hard time making it into the wild.
The researchers themselves state that there are problems with the virus, including the fact that it will be easily spotted by a database administrator. However, the paper hopes to prompt the RFID industry to take greater care of security in the future. It states: "Developers of the wide variety of RFID-enhanced systems will need to 'armour' their systems, to limit the damage that is caused once hackers start experimenting with RFID exploits, RFID worms and RFID viruses on a larger scale."
However, it seems that there were already ferm supporters of the previous research, which is the case with Katherine Albrecht of privacy group Caspian who said she hoped the virus would help encourage big companies and governments to slow down their RFID rollouts.
