תפריט נגישות

? Is that a (RFID) Tag or a Virus

המאמר מציג היבטי אבטחת מידע הקשורים לשימוש בתגי RFID (המאמר בשפה האנגלית)

Radio Frequency Identification (RFID) tags are becoming increasingly important in a wide range of industries and commercial situations for use in asset management, inventory control, automated payments, etc. A report released recently postulated that it would be relatively easy to configure RFID tags to infect corporate systems with viruses, and that this raises all kinds of concerns about the security and safety of these devices. Many people were genuinely alarmed by the report, heightening already elevated concerns that have been expressed by a variety of privacy advocates believing Big Brother is just around the corner and RFID is one of his primary tools. However, most people fail to realize that RFID as used in common applications, is approximately the equivalent of the bar code printed on every package on the shelf at a supermarket or retailer. The primary difference is in how the data is retrieved: bar codes visually through an optical reader and RFID via radio waves. So why have we not seen viruses spread via “infected” printed bar codes? We find the plausibility of a “hacker” spreading viruses via common RFID tags as extremely far fetched, and probably impossible. As virtually all RFID tags are read only devices, and are manufactured by a semiconductor process that writes unique information/identification into the chip at the manufacturing plant, how would a virus be inserted into the RFID chip? It could only be inserted if the semiconductor manufacturing process actually created it. This is highly improbable. And with only 96 bits of data available in the normal RFID tag, it is nearly impossible to conceive of a virus being written in such a short data stream that could negatively affect any normal computer systems, especially since the tag readers are only looking for numbers/letters within a text stream, and are not able to read computer instructions.

While the research report made some headlines, our suspicion is that the author had an “agenda” to pursue, rather than producing high quality research. Yes, there are concerns with privacy using RFID tags, but there are similar privacy issues with supermarket loyalty cards, credit/debit cards, etc. Usage of all of these can be tracked (and usually is tracked and analyzed extensively), and no one seems to be giving up on their use. That is because the benefits provided outweigh the potential down side. The same will be true of RFID tags. And for those customers truly worried about RFID, there is a simple solution. Once you have obtained the item, RFID tags can very easily be destroyed or disabled. They are highly susceptible to high powered radio waves, as you mind find coming from a microwave oven, and physical removal or destruction is often quite easy as well. In fact, we can easily envision an “RFID-terrorist” building a small handheld device to take to, say a Wal-Mart, and walking down the aisles and “zapping” all the tags on the shelves. It would be relatively easy to do.

Bottom Line: We expect RFID to continue its growth in the many applications where product tracking and identification are advantageous. While there are some legitimate privacy concerns, we believe they are greatly overblown in the popular press, and that these risks are no greater than that enabled by what is already contained within the wallets of most consumers. Companies deploying RFID can easily alleviate many fears by explicitly stating their RFID privacy policy and making sure consumers feel comfortable that no personal data will be shared with anyone.

 כותב המאמר הנו:

 Jack gold

jack.gold@jgoldassociates.com

פרסום באתר