RFID (radio frequency ID) tags are soon going to be in everything. But do we really know what we’re letting ourselves in for?
Last month some Dutch researchers said they had created a virus capable of infecting RFID tags, an assertion that was poo-pooed by quite a few security folk. The researchers said the virus could infect back-end systems, making it possible, they said, to a prankster replace an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain’s database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system.
This was all very theoretical, which is a nice way of saying far-fetched and somewhat Bondsian. But now a bunch of Australian researchers, according to Tom Espiner of ZDNet UK, has “proven that effective attacks can be launched against RFID tags.” Basically, the tags stop functioning after they’re overloaded with data.
In the tests, the Australian researchers saturated the frequency range used by the tags, which prevented the tags from talking to the readers. … They demonstrated that from a range of about 3 feet, they could disrupt communications between tags and readers, putting the tag into a “communication fault state.”
This is techie-speak for “broken”.
This is somewhat worrying, because RFID tags are not just used in peanut butter. The military uses them for keeping tag of supplies; hospitals of supplies and patients. That kind of thing. Imagine the chaos if folk found out how to put tags in important installations into “communication fault state”. And, much more importantly, for gambling. A recently approved patent, for example, envisages lottery tickets carrying RFID so they can be validated and tracked. I’d not like to be around if someone found their winning lottery ticket had been converted by a jealous neighbour into a “communication fault state.”
Who knows whether these kind of attacks might find their way out of the lab and into the hands of bad guys? We were probably asking this question of ourselves back when computer viruses were silly little things that threw up messages about freeing hashish from the strictures of law. Now look what viruses are doing. Not much fun, I grant you, but we ignore these warning signs about RFID at our peril. If RFID is going to be in everything, let’s make sure it works. As the Australian researchers themselves conclude:
Vulnerabilities in the newer UHF style of RFID tags have been found and are of concern for anyone trying to implement a RFID system that would have mission critical or human life issues involved in it.
Here’s another addition to the directory of mind mapping software I’ve been building: Mind Pad, launched today by AKS Labs. I haven’t played very much with it, but while it starts out as a straightforward mind-mapping program, it offers more:
Creating and linking text blocks is easy with Mind Pad. But it can do more. Mind Pad allows you to organize in mind map objects with any properties set. With Mind Pad scripting you can create your own rules for data management and representation.
Mind Pad suggests a new approach to mind mapping. Now, mind map is not just a lot of linked text blocks. Mind Pad allows to create your own frame objects with unique properties that are most suitable for your business. You can organize those objects into some hierarchy or map.
For instance, with Mind Pad Model Editor you can easily create an object called “Contact Person” and assign to it some really useful properties, such as Person name, Company name, Next time to contact date. Then you can create a mind map using “Contact Person” frame object and link new objects with each other showing the relation between your contacts.
Check it out. There’s a trial version, a full copy costs $60.