logo
Go to the homepage of the Vrije Universiteit. Go to the homepage of the faculty of sciences.

How to Write an RFID Virus


A virus performs two basic functions: it replicates itself and, optionally, it executes a payload. To replicate itself, the RFID virus uses the database. The details of replication depend on the database that is used, but broadly two classes of viruses can be distinguished: the one uses self-referential queries, the other uses quines. The payload the virus can execute depends both on the self-replication mechanism and the database that is targeted.

Replication Using Self-Referential Queries


Database systems usually offer a way to obtain the currently running queries for system administration purposes. However, these functions return queries as an normal string, which makes it possible to store them in the database, thereby replicating the query.

We have developed two versions of the virus, one that is contained in a single query, and one the requires multiple queries. The virus using a single query requires less features from the database, but cannot carry SQL code as a payload. The virus using multiple queries requires a database that supports this, but it does allow SQL code as a payload.

Details on the virus using self-referential queries can be found here.


Replication Using Quines


A quine is a program that prints its own source code. By copying its own sourcecode into the database - from where it is later copied onto tags - the virus can replicate itself. Our quines require multiple queries, which means they are not supported on all databases. However, they do allow SQL code to be executed as a payload.

Details on the virus using quines can be found here.


Payloads


Depending on the type of virus and the database that are used, different kinds of payloads can be included. If a virus using multiple queries is used, SQL code can be executed on the database. Depending on the database permissions, this may allow the database to be deleted. If a web-based management interface is used, it may be possible to execute Javascript in the browser of a user of the management interface. In the worst case, it may be possible to execute shell commands on the webserver or database server. In this case, the damage is limited only by the permission with which these commands are executed.

More details on the different kinds of payloads can be found here.


Previous What is RFID Malware?
Up RFID Viruses and Worms
How to Write an RFID Worm Next

Last modified: Thursday, 02 March 2006 21:26, CET
If you spot a mistake, please e-mail the maintainer of this page.
Your browser does not fully support CSS. This may result in visual artifacts.