The digital plague

Just when we thought we had rid ourselves of the plague it has come back in a more modern form, infecting pets, airports and supermarkets through radio frequency identification tags (RFID).

These are small, relatively cheap microchips that can be used to mark supermarket products and can be implanted into pets or livestock. The same chips are used in public transport chip cards, ski passes or on baggage labels at airports.

As these chips only have a limited memory capacity, it was widely assumed that they could not become infected with a computer virus. However, researchers at VU Amsterdam have found that this is not the case.

Just one infected RFID tag is capable of disrupting an entire system, vets, supermarkets and airports could all become victims.

For example, owners of dogs could have their pet microchipped with an RFID tag and then rewrite the chip with a virus using commercially available equipment.

After this, the dog is taken back to the vet and claimed to be a stray, the vet then scans the dog to see if it is in the database which in turn infects the vets database with the virus from the microchip.

Since the vet uses this database when creating tags for newly-tagged animals, the new tags will also be infected. So now if any of the newly-tagged animals are scanned at other vets, that vets database will be infected, too.

So the virus is passed from database to animal to database to animal.

Supermarkets are another weak spot for the digital virus, with some planning to replace barcodes on products with the chips.

Walmart, the US supermarket chain, expects to make a total switch to products with RFID chips within the next few years.

The tags identify themselves, the scanner registers the products bought and the total bill can be debited directly from a nominated bank account.

Customers could shop, get home and remove the chip attached to one of the items they have purchased and replace it with a chip they have purchased and written a virus on using equipment they have bought commercially.

Then the shopper could go back to the supermarket and repurchase the item and as it is scanned the virus from the chip infects the supermarket's product database. Potential damage includes changing product prices.

And from May 2006, some airports are planning to attach RFID tags to suitcases to speed up the baggage handling process.

Some people are concerned that the tags will be hacked into causing the disruption of an entire system because once an RFID tag with a virus is scanned the virus can invade the entire system.

For example, if an infected RFID tag was attached to a suitcase, as soon as the case is scanned, the virus will be able to invade the airport's central baggage database and all cases subsequently checked in will also become infected.

On arrival at other airports, these cases will be scanned again and within 24 hours, hundreds of airports throughout the world could be infected.

Potential damage includes cases being smuggled through the airport undetected or baggage being sent to the wrong destinations.

Fortunately, the threat can be reduced by using standard methods such as implementing safety procedures and securing program technology.