Monday, May 15, 2006

How identifying a stray cat might open Pandora's box

A paper on RFID tags published by computer-security researchers from the Vrije Universitat Amsterdam points out some disturbing security flaws in the technology used to track pet animals. I was alarmed by the paper's title: "RFID Viruses and Worms"! The eponymous worms are not the same sort that cause so much intestinal damage, though, but the sort that wriggle through a computer and infect its gut.

One of the paper's co-authors is my old friend Mr Andrew Tanenbaum, whose seminal books on "Computer Networks" and "Operating Systems Design" are among my favourites to rub against -- they are big and sturdy, and offer a nice resistance when I push hard with my face.

The New York Times reported on this paper a few months ago:

One such standard industry problem is a software coding error referred to as a buffer overflow. Such errors occur when programmers set aside memory to receive data temporarily, but fail to require a check on the size of the value that is moved to the allocated space. A larger-than-expected value can cause the program to break and trick the computer operating system into executing a malicious program. ''You should check all of your input all of the time, but experience shows this isn't the case,'' Mr. Tanenbaum said.

But the Dutch research group warned that in a variety of situations it is possible for attackers to alter the information in an RFID tag to subvert its purpose.

''RFID malware is a Pandora's box that has been gathering dust in the corners of our 'smart' warehouses and homes,'' they write in their paper.

They also described situations of counterfeit RFID tags possibly being be used to subvert pricing and other aspects of commercial sales systems, or a virus could be inserted into RFID tags used to identify pets.


I always check all of my input. I usually check my output very carefully, too. I sniff it, and push at it with my front paws, and then bury it deep under a mound of shredded paper.

0 Comments:

Post a Comment

<< Home