|
| RFID chips are often implanted in pet cats. |
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have advised
users not to panic following media reports of a virus which infects
RFID tags*.
A paper entitled "Is your cat infected with a computer virus?",
written by a group from the University of Amsterdam, has theorized
that it is possible for an RFID tag to carry a virus and, in
exceptional circumstances, to spread via vulnerable RFID readers
and middleware.
The semi-academic paper is full of assumptions that have to be
realized before it is possible to create a virus that will use RFID
tags to spread. It is worth mentioning that the virus code
described in the paper works only on the environment constructed
specially for the purpose by the authors of the paper and that
there are no known vulnerabiltities like that in any real RFID
middleware system.
"The researchers who wrote this paper failed to find a
vulnerability in the RFID system for their virus to exploit. So
they had to deliberately build a system with a problem for their
virus to try and use to spread," said Graham Cluley, senior
technology consultant for Sophos. "Any data storage device can
carry virus code , but it doesn't necessarily mean that the virus
would be able to spread successfully. In this instance, the
researchers failed to show how an RFID virus could spread in the
real world."
Sophos believes that businesses should focus on the real risks,
rather than be diverted by hype. Organized criminal gangs behind
virus and Trojan horse attacks are concentrating their financially
motivated malware on the Windows platform.
"The sky is not falling, and no-one should be diverted from the
important task of dealing with the very real risks posed by
conventional viruses. Windows desktops and servers are the main
battleground for viruses right now, not the aisles of the
supermarket or at the vets when you get your pet cat chipped,"
continued Cluley.
* RFID tags are small chips that can carry a small
amount of data, in order to replace barcodes often used in
supermarkets and warehouses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.