Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

RFID Privacy Forum

BlogsRFID Privacy ForumMcAfee Report Hypes RFID Threat

McAfee Report Hypes RFID Threat

Claims contained in a new security report are bogus.
Posted By Mark Roberti, 04.23.2007
Tags: Privacy
It's hard to imagine that a company whose reputation depends on trust could issue a report littered with exaggeration and unsubstantiated claims, but that's exactly what security software vendor McAfee has done. Its April "Sage" report suggests radio frequency identification tags could be hacked in such a way as to expose the data in a company's back-end database. However, the report presents no evidence whatsoever, doesn't even explain how this could be done and goes on to raise other bogus privacy concerns as well.

The report, issued semiannually by McAfee Avert Labs based on its research into high-tech threats, reads, in part: "RFID readers could contain vulnerabilities that would allow RFID chips to contain exploits to steal information from backend databases." Okay, technically, I guess you could hack an RFID tag that could take advantage of some undiscovered vulnerability in an RFID reader, but it's also true that a clever hacker could write a code so malicious and fast-spreading it could bring down all of the world's major computer networks.

An exploit is a bit of code allowing a hacker to gain access to sensitive information. It's possible the report's claim about RFID having such a vulnerability might be based on a statement made back in 2004 by Lukas Grunwald, a German consultant who said: "It is only a matter of time before someone puts a root exploit on one of these tags and hacks into your supply chain" (see RFID Hack Could Allow Retail Fraud).

To date, I haven't seen a single shred of evidence, anywhere, that would substantiate these claims, and I truly doubt it is even possible. No, I'm not a software expert, but tags store flat data, not executable programs, s it's hard to see how you could use tags to penetrate systems containing RFID data. And even if someone were able to exploit a reader's vulnerabilities, most readers can be upgraded remotely so the loophole would be closed. (Yes, another might be found, and we'd have the kind of ongoing battle we have with PCs.)

Tomorrow, I'll take a look at the privacy issues raised in the "Sage" report.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Next Post
McAfee Recycles Old Privacy Fears
Previous Post
The Advantages of Going Cashless
Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations