Wednesday, July 19, 2006
RFID Chips a Computer Virus Risk? 
by Lenka Reznicek [permalink] 
My good friend Daphne passed on a very informative link at PCWorld.com: The 10 Biggest Security Risks You Don't Know About. Among the ten, one especially caught my eye - not in terms of frequency of risk, etc., but out of curiosity. Apparently, some RFID chips and "smart cards" are vulnerable to virii:
Though highly useful, some implementations of the RFID technology have security weaknesses. For example, the information on some tags can be rewritten, and other tags can be read from an unusually great distance.

In an attempt to exploit some of these weaknesses, the Dutch university researchers conducted a controversial proof-of-concept study using modified RFID tags and a viruslike command to "infect" the back-end database that stored the tag's records. Theoretically, an RFID system could thus be made to crash or run malicious code--a scary prospect for a critical business or government technology.

Numerous computer security experts have pointed out that a reasonably well-built system with effective "middleware" between the RFID reader and the database probably wouldn't be vulnerable to such an assault. And sensitive RFID chips can use encryption and shielding covers to protect against acquiring an unasked-for malicious payload. The planned U.S. passports will use both measures.

Still, the study illustrates a basic point: Nearly every system has exploitable flaws. Keep an eye on your cat.
As the article points out, metal shielding around RFID tagged objects (e.g.R, tinfoil hats) helps mitigate the risk. However, this may not be a viable option for cats.