RFID virus researchers “scaremongering” claims security expert

May 26, 2010
0
RFID virus researchers “scaremongering” claims security expert

Just as you were reeling from the prospect of your RFID-implanted arm, cat or badger trekking in whatever wireless viruses they'd picked up and accidentally wiping your HTPC, along comes the voice of reason to dampen down the scaremongering.  Graham Cluley, of security analysts Sophos, has accused the University of Reading researchers of link-baiting, suggesting that the team has "a long history" of using implanted chip technology to lure media attention, and scoffing that "frankly, I've got more chance of being flattened by a falling grand piano than I have of getting my dog virus-infected next time I take him to the vets."

The Reading team had grabbed headlines by demonstrating how an RFID chip - similar to those used to tag pets - could be infected with a virus, and then used to infect mobile devices and door-entry systems as it passed through.  Problem is, Cluley points out, "The fact is that that code would not be read until an RFID reader came into contact with the affected RFID chip and even then the software connected with the RFID reader would need to have a vulnerability that would allow the code to be run."

Moreover, the only reason they bothered implanting the chip into researcher Dr. Mark Gasson, he suggests, is that they know doing so - while irrelevant to whatever security issues might be present - will be enough to secure them media attention.  "In other words," Cluley concludes, "we haven't really learnt anything."


Must Read Bits & Bytes