RFID systems as a whole are often treated with suspicion, but the
input data received from individual RFID tags
is implicitly trusted. RFID attacks are currently conceived as properly
formatted but fake RFID data; however no one
expects an RFID tag to send a SQL injection attack or a buffer overow.
This paper is meant to serve as a warning
that data from RFID tags can be used to exploit back-end software
systems. RFID middleware writers must therefore
build appropriate checks (bounds checking, special character altering,
etc..), to prevent RFID middleware from suffering
all of the well-known vulnerabilities experienced by the Internet.
Furthermore, as a proof of concept, this paper
presents the rst self-replicating RFID virus. This virus uses RFID
tags as a vector to compromise backend RFID
middleware systems, via a SQL injection attack.
%0 Conference Paper
%1 rieback06catvirus
%A Rieback, Melanie R.
%A Crispo, Bruno
%A Tanenbaum, Andrew S.
%B PERCOM '06: Proceedings of the Fourth Annual IEEE International Conference
on Pervasive Computing and Communications (PERCOM'06)
%C Washington, DC, USA
%D 2006
%I IEEE Computer Society
%K RFID
%P 169--179
%R http://dx.doi.org/10.1109/PERCOM.2006.32
%T Is Your Cat Infected with a Computer Virus?
%X RFID systems as a whole are often treated with suspicion, but the
input data received from individual RFID tags
is implicitly trusted. RFID attacks are currently conceived as properly
formatted but fake RFID data; however no one
expects an RFID tag to send a SQL injection attack or a buffer overow.
This paper is meant to serve as a warning
that data from RFID tags can be used to exploit back-end software
systems. RFID middleware writers must therefore
build appropriate checks (bounds checking, special character altering,
etc..), to prevent RFID middleware from suffering
all of the well-known vulnerabilities experienced by the Internet.
Furthermore, as a proof of concept, this paper
presents the rst self-replicating RFID virus. This virus uses RFID
tags as a vector to compromise backend RFID
middleware systems, via a SQL injection attack.
%@ 0-7695-2518-0
@inproceedings{rieback06catvirus,
abstract = {RFID systems as a whole are often treated with suspicion, but the
input data received from individual RFID tags
is implicitly trusted. RFID attacks are currently conceived as properly
formatted but fake RFID data; however no one
expects an RFID tag to send a SQL injection attack or a buffer overow.
This paper is meant to serve as a warning
that data from RFID tags can be used to exploit back-end software
systems. RFID middleware writers must therefore
build appropriate checks (bounds checking, special character altering,
etc..), to prevent RFID middleware from suffering
all of the well-known vulnerabilities experienced by the Internet.
Furthermore, as a proof of concept, this paper
presents the rst self-replicating RFID virus. This virus uses RFID
tags as a vector to compromise backend RFID
middleware systems, via a SQL injection attack.},
added-at = {2008-07-22T13:15:41.000+0200},
address = {Washington, DC, USA},
author = {Rieback, Melanie R. and Crispo, Bruno and Tanenbaum, Andrew S.},
biburl = {https://www.bibsonomy.org/bibtex/25a9c3cfc41b1d3db0ac55870977064b0/pape},
booktitle = {PERCOM '06: Proceedings of the Fourth Annual IEEE International Conference
on Pervasive Computing and Communications (PERCOM'06)},
doi = {http://dx.doi.org/10.1109/PERCOM.2006.32},
file = {percom.06.pdf:percom.06.pdf:PDF},
interhash = {ca0795d487105e5e714d40ea0660ef8b},
intrahash = {5a9c3cfc41b1d3db0ac55870977064b0},
isbn = {0-7695-2518-0},
keywords = {RFID},
pages = {169--179},
publisher = {IEEE Computer Society},
timestamp = {2008-07-22T13:16:01.000+0200},
title = {Is Your Cat Infected with a Computer Virus?},
year = 2006
}