RFID tags vulnerable to viruses, study says

Computerworld ^ | 03/15/2006 | Jeremy Kirk

[Ramius]

Swell. Just swell. But finding the vulnerability is the first step. Should be ways to deal with it, I'd think.

[ShadowAce]

[AntiGuv]

Should be ways to deal with it, I'd think.

I sure hope not. The sooner RFID gets exposed for the huge threat it is, the better. I think this is excellent news.

[Ramius]

Uh, yeah... OK. And bar codes. Don't forget bar codes. :-)

[AntiGuv]

You cannot hack a bar code.

[Calpernia]

And the National Institute of Health wants to use microchips for DRUG DELIVERY http://nationalpropertyowners.org/BRP2002Report.PDF

The cute new word is for that is telemedicine

Can you imagine, drug delivery being RFID capable? You can hack in and kill someone.

[Calpernia]

ping

[discostu]

Sure you can:
http://www.azalea.com/

There's tons and tons of bar code software packages out there, read em, print em, do whatever you want with them. Can't transmit a virus with them, but I doubt you can really transmit a virus with RFIDs either, too many variables, not enough space. It's a theoretical possibility sure, but as for really doing it we're talking a serious inside job.

[StoneGiant]

I sure hope not. The sooner RFID gets exposed for the huge threat it is, the better. I think this is excellent news.

Even better news is that RFID may be defeated. When they put the tags with "666" on our forehead we'll be able to recode them to destroy the system.

[AntiGuv]

FutureTechPing!

An emergent technologies list covering biomedical research, fusion power, nanotech, AI robotics, and other related fields. FReepmail to join or drop.

[Pessimist]

Have we really sunk to this level in terms of programming?

Some idiot is really writing an app that harvests a piddly amount of data from an RFID tag an he can't even validate it first before he passes it on to lord know how many other COM, .NET, "Where do you want to go today" objects?

Its sad really.

[Ramius]

You cannot hack a bar code.

Of course you can. With a sharpie, no less.

[kevin_in_so_cal]

Have you already seen this?

[KarlInOhio]

Any program that takes external input without limiting input length is just begging for trouble. You can't have a buffer overrun attack without sloppy programming. This is a problem with the RFID receiver and the computers it is attached to not the RFID itself.

Just imagine being able to print your own UPC symbol with more than the allowed number of bars to break into a cash register's computer. This is similar. You can't count on RFID chips to only come from "friendly" suppliers.

Previous bosses have complained about by tendency to use strncpy and manually placing a '\0' at the end of the space allocated for a string instead of just using strcpy and letting the function do it. Taking the shortcut is how buffer overruns occur.

< /programming geek mode>

[AntiGuv]

Fair enough, then I will be tediously more precise. You cannot steal anyone's identity using barcodes. You cannot monitor anyone's activity in any meaningful way using barcodes. You cannot compromise anyone's privacy in any meaningful way using barcodes. You cannot track anyone's whereabouts using barcodes. You cannot threaten anyone's well-being using barcodes. In fact, there is very little that any normal person or entity would want to do that can be achieved by hacking barcodes.

[Calpernia]

http://www.freerepublic.com/focus/f-news/1563271/posts
Healthy People 2010

Before Bill Clinton left office, he authorized 2001 an 84% increase in the government's investment in nanotechnology research and development, National Nanotechnology Initiative (NNI) http://clinton4.nara.gov/WH/New/html/20000121_4.html and made it a top priority.

• This governmental increase has been combined with non-governmental organizations (NGO) and grant programs. These NGOs have been creating partnerships with existing governmental agencies and masking initiatives as Federal and State grant reward programs. They are not.
• Here, at the CDC is an overview of what is called, Healthy People 2010 http://www.cdc.gov/nchs/about/otheract/hpdata2010/abouthp.htm .
• As you can see from �www.cdc.gov/nchs/about/otheract/hpdata2010/abouthp.htm, the initiative is driven with 28 different categories. All of these categories have grant award programs that are awarding monies through various agencies to promote a �healthy initiative program'. Some of the programs alone, sound harmless. When they are tied together though, they are disturbing.
• Former President Clinton's budget for his NATIONAL NANOTECHNOLOGY INITIATIVE is fueled by funding from the National Nanotechnology Initiative, National Science Foundation, National Institutes of Health, Department of Homeland Security, Department of Energy and the Department of Defense in combination with private and nonprofit funds from non-governmental organizations.

These funds now make available monies for grant projects for:

Focus Areas at a Glance (28)

• Access to Quality Health Services
• Arthritis, Osteoporosis and Chronic Back Conditions
• Cancer
• Chronic Kidney Disease
• Diabetes
• Disability and Secondary Conditions
• Educational and Community-Based Programs
• Environmental Health
• Family Planning
• Food Safety
• Health Communication
• Heart Disease and Stroke
• Immunizations and Infectious Diseases
• Nutrition and Overweight
• Injury and Violence Prevention
• Maternal, Infant, and Child Health
• Medical Product Safety
• Mental Health and Mental Disorders
• Occupational Safety and Health
• Oral Health
• Physical Activity and Fitness
• Public Health Infrastructure
• Respiratory Diseases
• Sexually Transmitted Diseases -STD
• Substance Abuse
• Tobacco Use
• Vision and Hearing

  (more at link)

[AntiGuv]

See my post #15. Use a sharpie if it'll help. ;)

[Ramius]

Sounds like a good thing that will help a lot of people.

As far as hacking in and killing someone... they could do that now by hacking into the pharmacy.

Just because something *can* be misused doesn't mean it shouldn't exist. Guns and cars and cameras and hair dye can all be misused. There's risk in all things.

[discostu]

Sure you can, it's harder, you've got to get a hold of something of theirs with bar code (like an AZ driver's license) and hack the data, but it's doable. And you can't do any of that other stuff with RFIDs, maybe in the future but not now, right now RFIDs are for tracking PACKAGES and make shipping a lot easier. People don't have RFIDs, and given the short range of RFIDs most of the nightmare scenarios are technically unfeasable.

[AntiGuv]

PS. And to be sure, I have no problem with RFID so long as it's limited to unrisky uses. It's many of the proposed uses, which incidentally would involve more memory than the amount supposedly inadequate for viruses, that are of concern to me.