Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Oleg Petrovsky, senior software development engineer at Microsoft, claimed that at a hardware level, a RFID tag normally consists of a receiver and transmitter and a micro-controller that facilitates the exchange. However the micro-controller is not powerful enough to employ sophisticated means of a robust real-time encryption and is susceptible to attack.
Petrovsky said: "Normally, information stored on the tag has to be authenticated to prevent counterfeiting but because tags are thought of most often as a disposable device the cost of manufacturing is kept low.
"Most of the time a RFID reader is connected to some sort of database software to process data received from the tag. Once the tag is compromised it further opens possibilities for various scenarios of security breaches."
He claimed that when a RFID tag comes within close proximity of the RFID scanner, the scanner reads and processes information from the tag. A tag can be active or passive - that mostly means either the presence or absence of an internal power source.
If there is no internal power source, RFIDs use a wire coil which picks up electromagnetic energy from a reader. This means the tag can be read or written to and can store identification information, as well as arbitrary information acting as a portable storage device used by a service application in any way it finds useful.
Petrovsky considered how likely it was for a remote or wireless device to catch an ‘airborne' virus if it was in contact with an infected laptop or a PDA.
"Technically speaking, if a virus broadcasts itself utilising a wireless data transfer protocol and another system accepts this transmission and transfers control to the received data, then we may have a case of an ‘airborne' infection," said Petrovsky.
"The most plausible case scenario might include a virus that utilises a vulnerability in the driver of a wireless device or a service using either TCP/IP or Bluetooth protocols. However, despite the growing numbers of wireless devices, including smartphones, PDAs and 2G, 2.5G, 3G and GPRM network services, so far we've been fortunate to not have outbreaks of this nature."
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.