%0 Conference Paper %1 rieback06catvirus %A Rieback, Melanie R. %A Crispo, Bruno %A Tanenbaum, Andrew S. %B PERCOM '06: Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06) %C Washington, DC, USA %D 2006 %I IEEE Computer Society %K RFID %P 169--179 %R http://dx.doi.org/10.1109/PERCOM.2006.32 %T Is Your Cat Infected with a Computer Virus? %X RFID systems as a whole are often treated with suspicion, but the input data received from individual RFID tags is implicitly trusted. RFID attacks are currently conceived as properly formatted but fake RFID data; however no one expects an RFID tag to send a SQL injection attack or a buffer overow. This paper is meant to serve as a warning that data from RFID tags can be used to exploit back-end software systems. RFID middleware writers must therefore build appropriate checks (bounds checking, special character altering, etc..), to prevent RFID middleware from suffering all of the well-known vulnerabilities experienced by the Internet. Furthermore, as a proof of concept, this paper presents the rst self-replicating RFID virus. This virus uses RFID tags as a vector to compromise backend RFID middleware systems, via a SQL injection attack. %@ 0-7695-2518-0

@inproceedings{rieback06catvirus, abstract = {RFID systems as a whole are often treated with suspicion, but the input data received from individual RFID tags is implicitly trusted. RFID attacks are currently conceived as properly formatted but fake RFID data; however no one expects an RFID tag to send a SQL injection attack or a buffer overow. This paper is meant to serve as a warning that data from RFID tags can be used to exploit back-end software systems. RFID middleware writers must therefore build appropriate checks (bounds checking, special character altering, etc..), to prevent RFID middleware from suffering all of the well-known vulnerabilities experienced by the Internet. Furthermore, as a proof of concept, this paper presents the rst self-replicating RFID virus. This virus uses RFID tags as a vector to compromise backend RFID middleware systems, via a SQL injection attack.}, added-at = {2008-07-22T13:15:41.000+0200}, address = {Washington, DC, USA}, author = {Rieback, Melanie R. and Crispo, Bruno and Tanenbaum, Andrew S.}, biburl = {https://www.bibsonomy.org/bibtex/25a9c3cfc41b1d3db0ac55870977064b0/pape}, booktitle = {PERCOM '06: Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06)}, doi = {http://dx.doi.org/10.1109/PERCOM.2006.32}, file = {percom.06.pdf:percom.06.pdf:PDF}, interhash = {ca0795d487105e5e714d40ea0660ef8b}, intrahash = {5a9c3cfc41b1d3db0ac55870977064b0}, isbn = {0-7695-2518-0}, keywords = {RFID}, pages = {169--179}, publisher = {IEEE Computer Society}, timestamp = {2008-07-22T13:16:01.000+0200}, title = {Is Your Cat Infected with a Computer Virus?}, year = 2006 }