Threat Research & Response Blog
Most people would be aware that biological viruses can be airborne, and can spread in this manner. For instance a common flu virus is able to survive in a fine mist of water droplets suspended in mid air until it lands on the next host. Luckily, not all viruses are created the same - some can't "fly", some "fly" but can't "land", some land but can't reattach themselves to a host.
Interestingly enough the same analogy persists in the realm of computer viruses. Would my computer or a smart device get infected if I came close to an infected laptop or a PDA? Continuing the analogy from the biological world, it depends on the ability of an already-infected system to deploy viruses into the common medium for transmission (air in our case), the host’s defences against such an attack, and the ability of the virus to penetrate those defences. Technically speaking, if a virus broadcasts itself utilising a wireless data transfer protocol and another system accepts this transmission and transfers control to the received data, then we may have a case of an "airborne" infection. The most plausible case scenario might include a virus that utilises a vulnerability in the driver of a wireless device or a service using either TCP/IP or Bluetooth protocols. However, despite the growing numbers of wireless devices, including smart phones, PDAs and 2G, 2.5G, 3G and GPRM network services, so far we've been fortunate to not have outbreaks of this nature. Perhaps this 'good fortune' can be ascribed to several factors, including the diversity of wireless platforms, drivers, and services which limit the possibility of replication as well as the prevalence of security measures aimed at plugging holes exposed by vulnerabilities.
The situation is a bit different with common Radio-Frequency Identification (RFID) devices. We use them every day - some of us without even realizing it. For instance books or DVDs in some libraries have RFID tags that are scanned when they go in and out of a library database. We are granted access to offices and restricted premises using RFID badges. Some supermarkets and warehouses have run pilot programs to track and scan goods using RFID tags. Many countries have started using RFID for admittance to public transport, toll roads and passport control. Since 1998 ExxonMobil has been using RFID for fast transactions at the pump. The use and demand of RFID technologies is increasing.
At a basic level we have two devices: an RFID tag and an RFID scanner. When an RFID tag comes within close proximity of the RFID scanner the scanner reads and processes information from the tag. A tag can be active or passive - that mostly means either the presence or absence of an internal power source. If there's no internal power source, RFIDs use a wire coil which picks up electromagnetic energy from a reader. The tag can be read or written to. The tag could store identification information, as well as arbitrary information acting as a portable storage device used by a service application in any way it finds useful. For instance, a tracking system can update a tag on a package when it passes certain check points.
At a hardware level an RFID tag normally consists of a receiver, a transmitter, and a micro-controller which facilitates the exchange. The RFID sensor or a reader/writer is pretty much the same except perhaps the transceiver is a bit more powerful and the micro-controller usually has more processing power than an RFID tag. Normally, information stored on the tag has to be authenticated to prevent counterfeiting but because tags are thought of most often as a disposable device with the cost of manufacturing kept low, generally RFID tag micro-controllers are not powerful enough to employ sophisticated means of a robust real time encryption and are susceptible to attacks.
Most of the time an RFID reader is connected to some sort of database software to process data received from the tag. Once the tag is compromised it further opens possibilites for various scenarios of security breaches. For instance using an SQL injection vulnerability technique one may be able to force the system to run a stored procedure or a malicious binary code inside a database engine, which in turn can write code back to each passing tag, hence aiding in the propagation of the attack. In a succession of several blogs I'd like to explore the features and various standards of RFID devices and their security - perhaps going under the hood of most common hardware and software configurations. --Oleg Petrovsky