Are RFID Tags Vulnerable to Viruses?

Dutch researchers claim RFID technology is open to hacker attacks and disruptive viruses. What's the answer?

Virus check in aisle four!

It's unlikely you will hear that in your local supermarket anytime soon. But retailers and vendors involved in wireless RFID tagging are concerned that the tagging devices may provide a direct line through the supply chain for viruses and malicious code.

Such injections would be hard to track and even harder to stop.

This, say experts, is because radio frequency ID (RFID) (define) tags number in the billions, and the information that is captured or transmitted by these small devices usually does not travel through the same protected screens and firewalls as conventional wireless data traffic.

A report released this week by researchers at Vrije University in Amsterdam heightened concern about RFID and viruses.

It said that RFID tags could be used as a medium to transmit a computer virus that might eventually bring an entire system to its knees. The report also noted that the limited storage buffer of an RFID tag -- typically ranging from 90 to just over 100 bytes -- offers just enough legroom for damaging code to hide out and wait for a connection to the network.

Wal-Mart and the Department of Defense are among the heavey users of RFID. So if RFID technology can be easily compromised, then this is a serious concern.

Of course any sort of digital technology that is networked can be infringed upon or corrupted with malicious intent, Srini Krishnamurthy, vice president of Strategy & Business Development for Airbee Wireless, told

"Although read-only and, in some cases, read/write, RFID data lives in the same environment that viruses and worms permeate on the Internet."

Tags that have been tampered with "can introduce errors which could spread and create chaos until it gets noticed," he added. "Airline baggage tags are a good example of that scenario and an attractive target."

Norm Laudermilch, CTO of Trust Digital, said it doesn't take much malicious code to do things like a SQL injection or take advantage of vulnerabilities in a PHP Web site.

Plugging the holes in RFID technology may not be all that difficult, however. There is currently a "very short list" of vendors that focus on interactions with RFID tags, Laudermilch said.

This article was first published on To read the full article, click here.

Comment and Contribute


(Maximum characters: 1200). You have characters left.