An RFID virus is malicious code inserted into an RFID tag to alter or corrupt data in an RFID (radio frequency identification) system. The deliberate creation and spreading of this type of virus is called RFID hacking.
RFID technology, which uses tiny radio frequency (RF) transmitters and receivers to uniquely identify objects, is an increasingly popular alternative to bar code technology in supply chain management. RFID does not require direct contact or line-of-sight scanning. Instead, RFID tagging uses small transponders, called tags, for identification and tracking purposes. The total system includes:
- Transponders placed on or in objects to be identified
- A set of read/write devices at security checkpoints
- A host system application for data collection, processing and transmission
- An identification database, also known as a back-end database
If the back-end database is altered or corrupted, an entire security network can be compromised. For example, the system may interpret a bogus tag as a valid one, allowing criminals or illegitimate cargo to bypass RFID-based security systems. Conversely, the system may fail to acknowledge valid RFID tags, causing confusion and delays in transportation systems.
There is disagreement among experts as to the actual threat posed by would-be RFID hackers. Nevertheless, RFID hacking has been carried out under controlled conditions to demonstrate the potential vulnerability.