According to some tinfoil hat wearing alarmists in the Netherlands, RFID chips can carry computer viruses

Now, normally, I’d just pass this off as more stupidity generated by the ignorant media. But the guys saying this have degrees, so this is a different class of quackery entirely.

Lets look at current RFID devices. Basically, what we are talking about is a passive electronic device. It sends a code when a low power magnetic field passes nearby. Yes, there are some active RFID devices, but the ones used at stores for product identificaiton most definitely are *not* of this variety. The more advanced type of passive device *can* store data, , but they don’t download “code”- just strings of data. And RFID devices don’t actually *do* anything with this data- they don’t process, just store/regurgitate.

Okay…so how can an RFID device carry a “virus”? Well, they could carry carefully crafted data that in theory could be designed to in some way foul up a badly written program in an RFID scanner. This intrusion would be akin to an SQL injection used on a website- the data isn’t active, but the data causes a failure in poorly written piece of software.

But lets be clear here…a barcode could do the same thing. Yes…it could. If you wrote your barcode scanner poorly. As could any other piece of data entered into any poorly written piece of software. As could any data…even manually entered data.

Netting it out, there is nothing new here. Yes, folks writing software for data entry should take care to parse/filter/detoxify any input. They should be doubly-careful with any data entry that is or could be potentially automated. But this isn’t some new RFID terror- its just old fashioned coding practice.

Maybe one day, when we implant self-aware computers directly into our brains, we’ll have something to worry about on this topic. That day isn’t today.

Technorati Tags: ,

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.