Sunday, October 08, 2006

RFID Tags Shown to Trigger Viruses

RFID tags can be used to trigger SQL Injection Attacks. These attacks are possible because RFID tags contain strings of text which systems assume are safe. Often, input validation is not performed on data coming from RFID tags. This lack of validation results in the ability for an attacker to perform the injection attack.

A Computer Business Review article suggests:
"RFID software should not implicitly trust the data it pulls off RFID tags. It should be subject to the same security check as any potentially untrustworthy user input."


Post a Comment

<< Home