Reacting to the RFID virus controversy, experts at
MicroWorld Technologies
call for a realistic and more serious approach to
see the truth behind and seek pre-emptive measures
to counter future threats, if any.
Ever since Melanie Rieback, a third-year PhD student
of Amsterdam's Vrije University, presented a paper
on virus infection in RFID tags, at the IEEE conference
in Italy, there have been both staunch rebuttals as
well as fervent support towards her findings from
different corners.
An automatic identification method, RFID, is used
to store and retrieve data using a small device called
‘RFID tag’. The tag containing silicon chips
and antennas, gets attached to consumer products to
receive and respond to radio-frequency queries from
an RFID transceiver. This relatively new mechanism,
is widely adopted by supermarkets like Wal-Mart and
even by the Department of Defense.
The research paper says that RFID tags can be infected
with a small virus of about 100 bytes in size. Once
the information in the tag is read wirelessly, the
malware code can upset the database that processes
the information. This in turn can wreck havoc in an
entire system and might even creep to other networks
via network vulnerabilities like buffer overflow.
Quarters aggressively denying this possibility, calls
the paper very weak and hugely imaginative. They say
many basic assumptions in the paper deliberately weaken
the fundamental features necessary in such automatic
data collection and secure database designs. The argument
says that researchers built a system fraught with
weaknesses and then stage-managed a theoretical vulnerability
where many things need to go wrong in a continuous
series.
“What this paper presents is a SQL code that
can replicate on its own. Now, it’s highly debatable
whether you can call this a virus or not. But I suggest
we see the larger picture. Here is a possibility that
has the potential for large-scale destruction. Efforts
should be directed towards deeper research on various
risk factors affecting this methodology, so that they
can be sealed before someone exploits it. An approach
like ‘use it now, let’s see the security
part in the future’ is definitely not the right
one,” contemplates Govind Rammurthy, CEO, MicroWorld
Technologies.
At the bottom line, the Vrije University study shows
that, RFID tag, like any other data device, can possibly
work as carriers of malware causing destruction in
large networks. With these tags acting as gateways
to back-end systems, this thesis at best acts as a
wake up call, points out Govind Rammurthy.
MicroWorld
MicroWorld (www.mwti.net)
are the developers of the world's first Real-Time
AntiVirus and Content Security software eScan
for desktops and servers. Its communication security
software, MailScan
is the first comprehensive e-mail scanner for your
SMTP/POP3 Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology
underlying these products, powering them to several
certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin,
Checkmark, TUCOWS, Red Hat Ready, and Novell Ready.
Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive
security for your systems. For network security of
enterprises, eConceal Firewall is the latest
powerful offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.
