Researchers demo RFID tag virus

Concerns about the security of radio frequency identification (RFID) and virtualisation systems were raised last week, as researchers demonstrated vulnerabilities to malware infection in both technologies.

It had been thought that the small memories of RFID wireless tags meant viruses could not infect them. But last week researchers from Vrije University in Amsterdam showed that tags may be vulnerable.

The research team wrote an RFID tag virus using only 127 bytes, and explained how it might affect firms. For example, an infected tag on a suitcase could cause havoc with airport databases if the virus managed to spread itself.

As RFID deployments grow, the likelihood of attack increases, said Greg Day of security vendor McAfee. But he argued that the problem is mainly a back-end issue. "The RFID tag is just dumb data storage. The reader sucks that data up and it's how that gets processed in databases that could cause problems."

Adam Jura of analyst Datamonitor said these proof-of-concept attacks show that "tag vendors, reader vendors and middleware providers need to establish partnerships to reassure users they can secure this technology".

Also last week, researchers from Microsoft and the University of Michigan demonstrated a new attack against virtualisation software – another technology on the edge of mainstream adoption. The attack installs a rootkit beneath a virtualised server or desktop operating system, hiding it from security tools