Wednesday, March 15, 2006
Virus Vulnerability for RFID (Radio Frequency ID tags)?
The breeding ground for the computer virus will be expanding continually and rapidly over the next decade as appliances, automobiles, and all manner of other things become equipped with wireless networking and miniature computers. Cell phone and similar networks may enable worms to leap between devices over long distances and other networks over short distances. Researchers have recently demonstrated that RFID tags may be vulnerable next. Articles on the topic: RFID worm created in the lab [NewScientist.com] Viruses leap to smart radio tags [BBC.co.uk] RFID tags could carry computer viruses [SecurityFocus.com] The details for the curious: RFID Viruses and Worms The AntiVirus paradigm that we [the IT community and industry] have foisted upon PC users is already breaking down under the strain of too many virus variants and too many non-technical PC users. The paradigm probably won't work at all for cell phones and the paradigm is completely broken for the typical RFID device which typically lack an end user administration interface of any kind. The AntiVirus paradigm was invented for Enterprise users who were expected to be paid to devote time to protecting a valuable asset, and technical hobbyist users who loved tweaking their PC. It's not designed for users who want to use their PC as a simple household tool, like a television or a refrigerator. The stuff people want to do with RFID technologies is truly amazing. It starts with automating inventory in retail stores, but goes all the way down to things like "washable RFID tags equipped with sensors on all my clothes will allow me to check to see if my favorite suit is at the cleaners, at home in the laundry bag, or at home ready to wear" and "RFID tags will enable my home pantry to let me check from work to see if I have all the ingredients needed to bake a birthday cake, or if I need to stop at the store on my way home". If this stuff is going to work, we will need to be careful that we don't turn the average home into the administrative nightmare that is the average enterprise network. RFID would flop because consumers can't afford to hire an IT staff to maintain IDS and AntiVirus systems for their pantry, wardrobe, stereo, library and toolshed.