back to article My RFID-embedded car numberplate has a virus

Spyware - malicious programs that covertly track surfing habits or steal confidential data - are likely to migrate onto new platforms, including mobile phones and RFID chips. The scenario is sketched out in the second issue of McAfee's twice annual Global Threat Report. RFID chips, which began life as a replacement for bar …

COMMENTS

This topic is closed for new posts.
  1. Bert Moore

    Not Likely

    RFID viruses could only work if you create a special back end system that is designed to allow itself to be corrupted. (And we all try to develop those kinds of systems, right?)

    License plate RFID tags (like companion animal ID tags -- e.g., "Does Your Cat Have a Computer Virus?") will have only a simple number in them. To "infect" a computer system, you'd need 1) a lot more memory to carry code and 2) a system stupid enough to accept anything other than the number as anything other than a database entry. In fact, the system would have to be stupid enough to accept unexpected data and move it up to the enterprise software "just to see what happens."

    Now, here's what happens in real life. Imagine you're typing your phone number into a database field. Instead of your phone number, you try to input a program. The database will accept only numbers and only the right number of them. In other words, it will ignore your attempts to do anything except enter the correct number of digits. That's what any decently designed (not even really smart) RFID system will do with unexpected data. Ignore it.

    In fact, it's exactly what happens in this space if you try to input HTML tags. They simply don't work. Neither will these so-called RFID Viruses.

    So, don't believe in this imaginary threat. Remember, a small amount of common sense will overcome a whole lot of stupid.

  2. Chris

    Have you been hiding for the past 7+ years?

    Bert, I don't mean to be rude, but have you been hiding under a stone for the past 7+ years? There's this thing you might have heard of called a "buffer overflow". It's quite common. And it's very real. And yes, it does have to do with front-end systems (and probably some back-end systems, as well) not vetting the information fed into them.

  3. auser

    Classical example of technology used the wrong way.

    License plates can be read with optical scanners and many toll road systems and most police cameras do that just right. Adding rfid is not needed in this case.

    The threat can be seen in better light if we take active rfid tags into consideration. They have their own power source and can be reprogrammed via the radio link. They are used as writable stickers, when the system needs more info on the chip than its serial number. Many japanese mobile phones contain this active rfid chip. It's good because one can copy his entry card into his phone or in other cases, someone is able to 'borrow' a card from someone else and use it, along with the identity of the owner. This technology is largely unused now but already depolyed.

    Adding strong cyptographic capabilities needed for secure data transfer would drive costs sky high, so this is not an option today. We are left with a chip that can only be protected with an electromagnetic shield (a faraday cage). But when we need this, it's much easier and usually cheaper to just use an optical scanner, like a videocamera.

    ps: To crash or break a system with an rfid reader, you can just send garbage until you find a failure in the code.

  4. GettinSadda

    What's wrong with my numberplate?

    Strangely enough, several systems seem to have difficulty with my number plate - it is:

    SN06 PRQ;drop database

  5. Anonymous Coward
    Anonymous Coward

    the RFID e-Plate is needed?

    the current plan is something like this, read the number plate with the Optical system - and at the same time poll the 17 digit vehicle VIN (ISO Standard 3779) from the vehicle chassis RFID system, check the database to see if the RFID VIN ties up with the License plate , then issue speeding ticket or road pricing e-token, or AMRAAM type system to disable the vehicle??. The RFID will be EPC Global generation 2 passive UHF, able to be read from at least 7.5 metres away. The reason that this system is needed is due to the allegedly high cloning rate of number/license plates in the UK and other places where road pricing "Congestion Charges" have been introduced.

    The system will obviously improve security as well as providing secured road cost payments.

  6. daniel

    re: RFID e-plate

    Intially, an eplate seems a good idea as that would make plate cloning difficult (i.e. signing a plate number with a DMV/DVLC/Ministry of transport certificate - just like an active radar jammer, a wrong squark would mean getting a pull by the local law.

    Once again, the devil is in the details. Just as El Reg mentionned a few months ago about RFID passports (& putting them in the microwave for 10 seconds), it would be easy to put a CB aerial magnet over the numberplate and fry the tag... or for even more nefarious uses, stick a print out of an RFID tag that contains no electronics, so a tag is seen, but nothing works. The police would, just like customs & immigration, issue the driver with a slip informing them of the fact that the rfid chip is dead and would they please go any buy a new numberplate & chip for 95 beertokens at the soonest possible opportunity, and then some enterprising bugger will propose cloned tags over the net for 10 quid...

    Even better would be nicking the chip (or cloning it) from other cars and getting them done for speeding...

    Once again, technology will p*ss legit users off, and will only stop the dumbest felon, and then, only for a short time...

    Cheers,

    Daniel

This topic is closed for new posts.

Other stories you might like