From: Arthur Bloom (m35prod@optonline.net)
Date: Fri Mar 17 2006 - 17:21:43 PST
This is a forum that serves people with military vehicle and other sundry
military interests. The article has military significance. The military uses
RFID's. Since they convey info, they can be considered members of the
smallest family of military vehicle. I found the article fascinating.
APB
----- Original Message -----
From: "Stu" <stuinnh@mvnut.us>
To: "Military Vehicles Mailing List" <mil-veh@mil-veh.org>
Sent: Friday, March 17, 2006 8:13 PM
Subject: Re: [MV] Is Your Cat Infected with a Computer Virus
| Now that was on topic. I sure did need to know that.
|
| "Stu" Southern, NH USA
| "Live Free Or Die; Death Is Not The Worst Of Evils"
| MVPA #14790
| 1967 M151A1 Jeep 1964 M416 Trailer
| 1985 M1008 CUCV Pickup
|
|
| -----Original Message-----
| From: Military Vehicles Mailing List [mailto:mil-veh@mil-veh.org] On
Behalf
| Of J. Forster
| Sent: Friday, March 17, 2006 5:58 PM
| To: Military Vehicles Mailing List
| Subject: [MV] Is Your Cat Infected with a Computer Virus
|
| March 15, 2006
|
| Coming Soon: Viruses Spread By RFID Tags
|
| By Gregg Keizer Courtesy of TechWeb News
|
| Radio frequency identification tags (RFID) can be used
| to spread computer viruses and attack middleware
| applications and the databases behind them, a group of
| Netherlands-based scientists said Wednesday.
| At an IEEE' conference on pervasive computing in Pisa,
| Italy, Melanie Rieback, a third-year PhD student at
| Amsterdam's Vrije Universiteit, presented a paper that
| outlined the threat to RFID systems and laid out how
| the small amount of memory in a tag -- in some cases
| as little as 128 bytes -- could be used to corrupt
| databases.
|
| RFID tags have been promoted as a more efficient and
| economical way of tracking products -- from
| manufacturers to end-users -- and have been thought to
| be immune from such hacks.
|
| Not so, said Rieback, a U.S. citizen who has studied
| in the Netherlands for the past five years. "This is a
| real threat, and it's going to be a larger threat if
| it's not taken care of," she said Wednesday after
| presenting her paper "Is Your Cat Infected with a
| Computer Virus?"
|
| Once a hacker has created a miniature virus -- and
| perhaps planted a malicious tag on a product in store
| -- the attack begins as soon as the RFID tag is
| scanned. Attacks on middleware and the back-end
| databases, she said, could take the form of buffer
| overflows, code insertions, and SQL injections (a type
| of specialized code insertion that tricks a database
| into running SQL code).
|
| To combat such attacks, middleware and database
| creators -- including big names like Oracle and SAP --
| must harden their products to account for viral
| infections.
|
| "We wanted to get the message out," she added. "Now
| they have warning."
|
| Viruses could spread from tag to database, then to
| other tags in settings where RFID chips are written
| to, leading to scenarios where one incoming malicious
| tag leads to a factory sending out millions of
| infected chips to its customers.
|
| "There are real-world consequences here," said
| Rieback. "Some car plants use tags on chassis to
| identify what color the car is to be painted. If a
| virus instructs the database to write tags that tell
| [the machinery to] switch colors, you're talking about
| destroying cars."
|
| Andrew Tanenbaum, Rieback's supervising professor at
| Vrije Universiteit, had even more dire attacks in
| mind.
|
| "In an airport that's tagging luggage [with RFID
| chips], drug smugglers would love for their bags to
| disappear," said Tanenbaum. "It would make it that
| much harder for any AI used by the airport or customs
| to spot suspicious bags."
| Likewise, terrorists might be able to circumvent
| RFID-based security measures -- such as those planned
| to track shipping containers -- or evade bomb-sniffing
| systems, such as the one set to debut this spring at
| Las Vegas' McCarran International Airport, where tags
| will be used to verify that bags have been checked for
| explosives.
|
| Viruses on tags can cross borders with ease, said
| Rieback. Although RFID tags use locally-determined
| frequencies to transmit data, there are widely-used
| international standards. A product marked in Germany
| with a malformed tag might be able to infect systems
| in the U.S., although the virus itself would likely be
| middleware- or database specific.
|
| "But that's not a problem," said Tanenbaum. "Back-end
| vendors are usually public knowledge. When a customer
| signs with an RFID vendor, both usually issue press
| releases."
|
| Rieback's presentation included a proof-of-concept
| virus created by a masters-level student of the
| university, Patrick Simpson, to demonstrate the
| attack.
|
| "If we didn't [create a proof-of-concept exploit] no
| one will believe us," Tanenbaum said. "The RFID
| middleware makers, they'll all deny that there's a
| problem." he continued.
|
| "The surprising thing about this all is how easy it
| was to write a virus," he said. "It took Patrick just
| four hours."
|
| "This is a wake-up call," concluded Tanenbaum.
|
| **********
|
| Again, thanks to JP
|
|
|
|
|
|
| ===Mil-Veh is a member-supported mailing list===
| To unsubscribe, send e-mail to <mil-veh-off@mil-veh.org>
| To reach a human, contact <ackyle@gmail.com>
| Visit the searchable archives at http://www.mil-veh.org/archives/
|
|
|
| ===Mil-Veh is a member-supported mailing list===
| To unsubscribe, send e-mail to <mil-veh-off@mil-veh.org>
| To reach a human, contact <ackyle@gmail.com>
| Visit the searchable archives at http://www.mil-veh.org/archives/
|
|
| --
| No virus found in this incoming message.
| Checked by AVG Free Edition.
| Version: 7.1.385 / Virus Database: 268.2.4/282 - Release Date: 3/15/2006
|
|
This archive was generated by hypermail 2.1.4 : Tue Jul 18 2006 - 21:42:32 PDT