AIM Global, the trade association for automatic identification and mobility, has questioned the methodology employed by a European journal which suggested that RFID tags could be used to spread viruses.
AIM claimed that the study overlooked a number of fundamental design features necessary in automatic data collection systems and good database design. In other words, the researchers built a system with a weakness and then proceeded to show how the weakness could be exploited.
According to the trade group, poor system design – whether capturing RFID tag information, bar code information or keyboard-entered data – is bound to create vulnerabilities.
AIM drew attention to the fact that there are two broad types of RFID tags: ones that have pre-encoded or fixed data, and ones with data that can be changed. Systems with fixed data, such as those used for identification, cannot be changed and therefore are immune to infection by a virus.
The trade association further noted that the ability to insert a virus into the system implies that a tag contains executable code that can be recognized by the software. AIM said this was simply not possible with many RFID applications since they look for specific kinds of data and will either flag or reject anything that does not fit the data template.