RFID Worm


posted on Mar, 19 2006 @ 01:23 PM
I wasn't sure whether to post this under a new world order thread or the science forum, but I think science is the best way to go here. Take a look, it's a worrying aspect of RFID technology.


www.newscientist.com...



A tag infected with a worm and attached, for example, to a piece of luggage could rapidly infect other luggage in an airport, the Dutch researchers say. "On arrival at other airports, these cases will be scanned again and within 24 hours, hundreds of airports throughout the world could be infected," they said in a statement issued by the university.

The Dutch researchers add that a malicious RFID tag could also bypass physical security measures by fooling a computer into thinking it has just received a different identification code. In the hypothetical airport example, this would provide "the perfect solution for smugglers and terrorists wanting to send suspicious luggage across the world without being noticed," they add.




Opinions on this?
Edited because of some severe spelling mistakes, sorry.

Mod Edit: Posting work written by others outside of ATS -- Please read this link.
[edit on 19-3-2006 by ImaginaryReality1984]

[edit on 3/21/06/21 by junglejake]




posted on Mar, 19 2006 @ 03:09 PM
Add this with the story on BBC news here today in the UK, this is worrying.

The news article was about a group who had managed to hack RFID tags, and use the info in them for their own gains. A by-product of this was that they were able to make an RFID virus, just like they did with PCs and Bluetooth machines... worrying indeed. (And they want one of those tags in each and every one of us??!! They must be mad!)

Still doubt it's a worry? Read this.

www.rfidvirus.org...



posted on Mar, 19 2006 @ 03:14 PM
This appears to be affecting the chips in pets as well. They are having signals all of a sudden disappear, or move to an erroneous location.



posted on Mar, 19 2006 @ 03:26 PM
Frankly, I see this as a positive development.... I was somewhat worried where this technology was headed...



posted on Mar, 19 2006 @ 04:58 PM

Originally posted by Valhall
This appears to be affecting the chips in pets as well. They are having signals all of a sudden disappear, or move to an erroneous location.


I don't know what you mean by this. My cat has a chip and when it was scanned at the vet the other day they couldn't find it. This was simply because it had moved under the skin and had somehow worked its way down to the tail. Maybe the pet thing is an innocent problem like that?

As for RFID chips in everything else, I really don't like the idea at all. I was against it before but now it seems even worse, these chips are not only pointless for security they actually seem to allow more crimes than they could prevent.



posted on Mar, 21 2006 @ 09:38 AM
This is a total joke. I found this about the 'issue':

www.boingboing.net...



The "RFID Virus" is absolutely laughable.

If you read the "paper", here's what they do:

1. Construct an RFID middleware system, intentionally design it to have some really obvious security flaws, ones that even most basic web developers know to avoid, namely the two security no-nos of implicitly trusting external data, and treating data as code.

2. Knowing the exact nature of those two obvious security flaws, including the exact implementation of the flaws, send malicious data that exploits those flaws.

This is so laughably stupid, but somehow it got picked up by the news outlets because it contains buzzwords: "RFID" and "Virus".

Really, what they're doing is the equivalent of:

1. Designing a barcode system to automatically self-destruct if it ever reads a barcode of 1337 1337, for no reason other than to prove it's dangerous.
2. Broadcasting to the world that the barcode system will self-destruct if it ever reads a barcode of 1337 1337.
3. Intentionally reading a barcode of 1337 1337.
4. Claiming that barcodes are dangerous.

RFID Tags, just like barcodes are just data. Nothing more than data. If you intentionally design a system to be vulnerable to certain data, then intentionally expose the system to that data, then yup, you'll have a problem.

I'm surprised the music industry hasn't tried this with MP3s. Design a MP3 player that will format your hard drive if it sees a certain often-downloaded song, download that song, show the drive getting formatted, then claim that MP3s are dangerous because they might format your hard drive.


Due to the simplicity of RFID no working hacks will ever be made...but that's just my opinion



posted on Mar, 21 2006 @ 10:02 AM
A lock is a very simple thing but it can be picked.

Fingerprint scanners were said to be "unhackable" and yet fake prints are so easy to make you can bypass one of these scanners very easily. Even the "live finger" machines can be tricked. I have actually experimented doing that and it really is very easy. I am a locksmith in training so that kind of thing interests me.

Digital Cable and Satellite boxes were meant to be unhackable and yet they were recently broken.

Just because the chip is simple does not mean it cannot be "hacked". Web designers and code writers make mistakes all the time, they only have to get it wrong once and someone could exploit it.



posted on Mar, 21 2006 @ 03:08 PM


Just because the chip is simple does not mean it cannot be "hacked". Web designers and code writers make mistakes all the time, they only have to get it wrong once and someone could exploit it.

Well that is correct. I just don't see RFID as being any different from a barcode or a credit card with relation to the virus thing.

Of course mistakes can be made in the systems handling the RFID chips, but this is also the case in card readers and barcode scanners, where no such things have ever happened...I think :-P

There are some concerns related to RFID, but that is mainly regarding privacy and not vira or hacking in my opinion.



posted on Mar, 21 2006 @ 05:13 PM
You have to be kidding right, how can anyone take this seriously. Even the highest capacity RFID chip is an 8 bit, 128 Byte string. It is just a string of numbers that provides classification.

The only way it could be a virus is if the "Scanner" was also programmed to read the code in a specific manner other than as string data. This would mean the software used to decode the signal being scanned from the RFID has to be hacked.

An RFID has to be "burned" in which case the data is hard coded into the chip much like your Binary ROM data in your motherboard's BIOS chip. To reprogram it you have to make the connections to the RFID chip in the right lead order. Almost all current RFID are a "Burn once" design.

The specification process to determine a universal protocol to RFID encoding is still yet to be ratified so at this time you have multiple standards for the string encoding and those corresponding strings must be logged in the scanning software to recognise the item from the string database. Without the corresponding string data when the RFID is scanned it comes back "Tag not found".

example Walmart

(this is not the specific Walmart RFID code but an example of how their system works)

String code

AB-00105-123A-05-5010

AB= (Vendor code) Shinzo Industries

00105- (Catalog or Vendor Itemized product code) 12" Girls Bike

123A- (Vendor model) Fun Ride Yellow and Pink

05- (inventory control code) (software system records current date and time on receiving scan and marks for this item, global database then knows when this item came in to main stock and can be assigned new stock locations as it is transferred from main distribution to store level receiving) Example the above code AB-00105-123A-05-5010 was scanned 3/21/06 at 5:15pm and the following week AB-00105-123A-02-3021 was scanned on 3/29/06 at 8:08am. Same basic item but the receiving key is different along with the serial number. Even if the number was AB-00105-123A-05-3021 it would get logged and associated with the date it came in because it stores the entire string code for reference, the specific two digits have no function except to tell the software to record this string in this table and mark it with the current system date and time. Just makes cross checking for receiving dates easier to call the function by having a specific field to scan such as XX-XXXXX-XXXX-[FUNc]-XXXX

Call-Call-Call -update -Call

Call looks to the database and brings back the matching data

Call for AB- find vendor AB populate Field 1 with Vendor matching AB

Call for 00105 - find catalog item under AB record that matches and populate Field 2

Call for 123A - find item model number under catalog item section 00105 and populate Field 3 with matching

Update- Get System Date and Time and populate Field 4

Call 5010 - find matching Serial number key from Catalog Item subsection Model number that matches and populate Field 5

IF when all Fields return [true] then update QTY Received value +1

Close record

So then the master RFID table would look like this

AB00105123A055010 - Shinzo Ind, 12 GIRLS BK, Fun Rd Yl Pnk 3/21/06 5:15P 990321045010

So now anytime someone within the Walmart system scans that item they will retrieve the information and know when it came into stock the vendor etc. The whole purpose is to keep track of the store stocking levels. How many on the shelf when they got there how long in stock etc. As well as making the inbound receiving into the system simpler.

If we are talking high value items and Walmart want to dispute that only 1,100 were received and not the 1,110 that the vendor is claiming they can provide an exact receiving log of every unit received as well as the shipping disposition to the store level and know if in fact the units were received and where they currently are or were last inventoried.

At the checkout Barcode UPC scanner can be combined with RFID logger to record the sales event and match the exact serial number sold on which ticket.



5010- (Serial number UPC Cross check) Key log provided by manufacture that associated box Serial Number or UPC check code to RFID tag. Most current application specs call for RFID code to be sandwiched in Serial number or UPC label.

Since the scanning system and decoding software is set to recognise the fields and then look back to a database before updating the master item record any value not associated with a matching record in the global database returns a not found value. At which point an exception entry is done where the receiving people have to manually enter the RFID codes and the fields that are to populate in the database, date time, serial number if provided or UPC. This data goes back to both an IT Queue and a PM Management queue to track the vendor compliance information on inbound receiving. Once issues are resolved and vendors supply either updated RFID master Logs or are asked to refine RFID placement or to comply with encoding and readability standards, If for example the placement in the RFID zone on the label is incorrect or the density of the label material and ink composition interferes with the scanning software.





[edit on 21-3-2006 by robertfenix]



posted on Mar, 21 2006 @ 05:37 PM
You need to read the article, I was dubious too but from what I glanced at it's not an exploit in the reader even. They are talking about writing in SQL exploits and such instead of ID code, so when it's executed on the main database it carries out its function. It's just a carrier, see?
We suffered a major exploit hack on our PHP/SQL based gallery at work, a user uploaded some software like a picture and it then executed turning our server into a spamming machine and deleting all image files on the server.
This is the same thing but using the RFID tag as a carrier, the only remarkable thing is getting enough code into a small enough capacity tag to carry out any damage and replicate.
This is a real problem, and this is just with basic tags, not even the contactless smartcards like in passports.



posted on Mar, 21 2006 @ 05:44 PM
The SQL hack has to be software side and nothing to do with the actual RFID chip itself. Sure you can write a SQL exploit that is activated when it "reads" a specific scanned item. Just like you can do with a present day POS scanner.

But you have to know how the software reads the barcode and you need the hack to be resident just waiting for the return line to then execute the code.

Such as you take the UPC code of a 20 oz box of lucky charms and you design the system to whenever it reads that UPC to make a 100% discount on the ticket. Or whatever. But you have to have that installed on the software side.

You can program a UPC scanner by scanning a simple bar code only because the background software knows what it is reading ahead of time and usually requires two or three scans of a programming start and end string to make the changes.



posted on Mar, 21 2006 @ 05:51 PM
OK my knowledge is limited, but I know you can write exploits that you input as a line of code (say in the 'name' field) which somehow (knowledge limited) executes when inputted into the database.
If the string is stored on the RFID, then when it is scanned it will be inputted into the database (say an SQL based one) and will then execute, possibly copying itself into other RFID fields and running any other malicious code. This would not work in the copying sense with RFID chips which are Read Only, but aren't there some you can write to now?
The RFID is just the carrier for the string you type into the URL bar, or when you upload a file, etc.



posted on Mar, 21 2006 @ 06:14 PM

Originally posted by AgentSmith
OK my knowledge is limited, but I know you can write exploits that you input as a line of code (say in the 'name' field) which somehow (knowledge limited) executes when inputted into the database.
If the string is stored on the RFID, then when it is scanned it will be inputted into the database (say an SQL based one) and will then execute,


These things are fairly easy to guard against if you take the proper precautions. You have to make sure that your input is a quoted string and that special characters are converted to eliminate problems. For instance:

<A href=www.abovetopsecret.com>This is a link</A>

See, the above text was entered to force your browser to display it as text instead of an actual link. The same thing can be done in SQL. Of course since humans do the programming there will always be loop-holes and buggy code somewhere.

[edit on 21-3-2006 by dbates]
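
The "data treated as code" problem argued over in the posts above, as an added example that is not part of any post in the thread: a receiving routine that pastes tag contents into SQL text, next to one that checks the layout and binds the value. The table name, function names and the field widths in the pattern are assumptions, the hostile tag string is constructed, and parameter binding is used here in place of the manual quoting and character conversion the post describes.

```python
import re
import sqlite3

# Field layout copied from the example tag string earlier in the thread;
# the exact widths and character classes are an assumption.
TAG_RE = re.compile(r"[A-Z]{2}-\d{5}-[0-9A-Z]{4}-\d{2}-\d{4}")

GOOD_TAG = "AB-00105-123A-05-5010"   # example string from the thread
HOSTILE_TAG = "x', 'tampered') --"   # constructed sample of tag contents


def new_db():
    """In-memory stand-in for the receiving database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE received (tag TEXT, note TEXT)")
    return db


def log_scan_unsafe(db, tag):
    # Vulnerable: tag contents are pasted into the SQL text, so a quote in the
    # tag ends the string literal and the rest is parsed as SQL.
    db.execute(f"INSERT INTO received (tag, note) VALUES ('{tag}', 'scanned')")


def log_scan_bound_only(db, tag):
    # Binding alone, no layout check: the odd string is stored verbatim as data.
    db.execute("INSERT INTO received (tag, note) VALUES (?, 'scanned')", (tag,))


def log_scan_safe(db, tag):
    # Hardened: reject anything outside the expected layout, then bind the
    # value so it can only ever be data.
    if not TAG_RE.fullmatch(tag):
        return False                 # would go to the manual exception path
    log_scan_bound_only(db, tag)
    return True


def rows(db):
    return db.execute("SELECT tag, note FROM received ORDER BY rowid").fetchall()


if __name__ == "__main__":
    for name, fn in (("unsafe", log_scan_unsafe), ("safe", log_scan_safe)):
        db = new_db()
        for tag in (GOOD_TAG, HOSTILE_TAG):
            fn(db, tag)
        print(name, rows(db))
```

In the unsafe path the tag decides what lands in the `note` column; in the safe path the same string never reaches the database.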



posted on Mar, 21 2006 @ 06:15 PM
No the RFID carrier is the actual chip itself, the data is a hard encoded string which is just a series of numbers or letters. Meaningless in itself and not possible to be transmitted as a "program" unless the scanning software has an internal function call loop that the hackers are trying to address much like my example of reprogramming the scanner.

You would have to know that the scanning software already has a function call sequence that you could exploit. But to do this the hard encoded data on the RFID would have to be reset to the new string.

X1-XX1X1-ABCX-99-XYX1 where certain parts of this can not be used by the software user or in the database such as no "99" codes because this initiates the programming function so then all the data must not use a 99 in that location.

The other code bits then refer to specific machine code instruction built into the software like, remove all keys all fields, or overwrite all files, set Date Time to 9999999 etc.

Only the main software code could do this and without built in functions like this and without knowing the back end process and function of the scanning software there would be no way you could manipulate an RFID chip into transferring or spawning some type of malicious virus, trojan etc.



posted on Mar, 21 2006 @ 06:17 PM
This topic has been covered in an earlier thread made 4 days before this one.

Scientists: RFID Chips Can Carry Virus

Please continue the topic there.
Thanks.



