Title :
Is your cat infected with a computer virus?
Author :
Rieback, Melanie R. ; Crispo, Bruno ; Tanenbaum, Andrew S.
Author_Institution :
Comput. Syst. Group, Vrije Univ. Amsterdam
Abstract :
RFID systems as a whole are often treated with suspicion, but the input data received from individual RFID tags is implicitly trusted. RFID attacks are currently conceived as properly formatted but fake RFID data; however no one expects an RFID tag to send a SQL injection attack or a buffer overflow. This paper is meant to serve as a warning that data from RFID tags can be used to exploit back-end software systems. RFID middleware writers must therefore build appropriate checks (bounds checking, special character filtering, etc.), to prevent RFID middleware from suffering all of the well-known vulnerabilities experienced by the Internet. Furthermore, as a proof of concept, this paper presents the first self-replicating RFID virus. This virus uses RFID tags as a vector to compromise backend RFID middleware systems, via a SQL injection attack
Keywords :
SQL; computer crime; computer viruses; data privacy; middleware; radiofrequency identification; ubiquitous computing; Internet; RFID middleware systems; RFID systems; RFID tags; SQL injection attack; back-end software systems; buffer overflow; computer virus; radiofrequency identification attacks; self-replicating RFID virus; special character filtering; Computer displays; Computer hacking; Data security; Middleware; Pervasive computing; Positron emission tomography; RFID tags; Radiofrequency identification; Software systems; Tagging;
Conference_Titel :
Pervasive Computing and Communications, 2006. PerCom 2006. Fourth Annual IEEE International Conference on
Conference_Location :
Pisa
Print_ISBN :
0-7695-2518-0
DOI :
10.1109/PERCOM.2006.32
