IT security and data protection firm Sophos is pouring cold
water on research from the University of Reading, after Dr Mark
Gasson, a senior research fellow working at the university's
Cybernetic Intelligence Research Group, infected himself with a
computer virus by implanting an RFID chip into his hand.
Sophos experts claim that while it is possible to put any
software code onto an RFID chip, the code would not be read until
an RFID reader came into contact with the affected RFID chip.
Furthermore, the software connected with the RFID reader itself
would need to have a security vulnerability in order to allow the
malicious code to be run.
Nevertheless, Dr Gasson has claimed that in the future that
pacemakers and deep brain stimulators could be infected by other
devices.
"Scientists should be responsible in how they present their
research, rather than hyping up threats in order to get headlines,"
said Graham
Cluley, senior technology consultant at Sophos. "Any virus code
on the RFID chip would be utterly incapable of running unless a
serious security hole existed in the external device reading it.
RFID chips normally just have data read from them, rather than
'executed', so the chances of a virus infection spreading in this
fashion is extremely remote. Frankly, I've got more chance of being
flattened by a falling grand piano than I have of getting my dog
infected by a PC virus next time I take him to the vets."
Sophos notes that staff at the University of Reading have
courted the media on many occasions with tales of how they have
implanted RFID chips into their bodies.
"The scientists in Reading seem more interested in implanting
chips inside themselves rather than their pet cat - but the fact
remains that it makes no difference if an RFID chip is injected
under your skin or stitched into the lining of your jacket,"
explained Cluley. "The main progress that appears to have been made
from such research is not a contribution to computer security, but
a fool-proof method of ensuring that university staff don't forget
their office door pass in the morning. Predictions of pacemakers
and cochlear implants being hit by virus infections is the very
worst kind of scaremongering."
For more information about the experiment please visit Graham
Cluley's blog
.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.