“RFID is a broad term that encompasses everything from simple devices that contain a few thousand transistors and feature little or no security to contactless smart cards which are tiny computers that contain several million transistors and incorporate military grade security,” said Peter Lowe, Chief Technology Officer for HID Global, Irvine, Calif., in response to recent claims that RFID technology can spread viruses.
The current research on RFID viruses focuses on read/write RFID tags used for such applications as animal tagging and product identification in retail, and asserts that readers could interpret data stored on RFID cards as executable instructions. According to Lowe, the reality is that readers never interpret the contents of a card as executable code; they always interpret the contents as data only.
Lowe added that some smart cards do use read/write technology. “The benefit of this technology lies in the enhanced security it offers through encryption and mutual authentication, making it less susceptible to tampering,” he said. “Other techniques such as the use of digital signatures can be employed to verify the authenticity of data on a card and that the data came from a trusted source.”
Lowe also cited statements made by RFID scientists and experts from the International Organization for Standardization at a recent AIM Global meeting in Kyoto, Japan. The scientists and experts, responding to the research, emphasized “that there are two broad types of RFID tags, ones that have pre-encoded, or fixed data, and ones that have data that can be changed. Systems with fixed data such as those used to identify pets cannot be changed and therefore are immune to infection by a virus.”
Furthermore, most readers that control doors remain read-only and could not rewrite a card. “Comparing RFID tags used in animal identification and supply chain applications to contactless smart cards used in our industry is like comparing go-carts to military tanks,” said Lowe.