Topic: Sophos: Scientist Infected With Virus via Chip Is Just Scaremongering

[Samker]

Security vendor Sophos has slammed a technology experiment in which a British scientist infected himself with a computer virus.

Dr Mark Gasson from the University of Reading: http://www.reading.ac.uk/ infected a computer chip implanted in his hand with the virus and then transmitted it to a PC to prove that malware can move between human and computer.

Gasson uses the chip as a security pass to gain secure access to the university building, and to activate his mobile phone.

He said the implications for computer viruses in implants are far-reaching, and could potentially affect those with pacemakers and other medical devices.

Someone with an infected chip implant could potentially infect someone else, while a person with two devices under the skin could run the risk of viruses passing between the two chips, he said.

However, Sophos says that while it is possible to put any software code onto an RFID chip, the code would not be read until an RFID reader came into contact with the affected chip.

Furthermore, the software connected with the RFID reader itself would need to have a security vulnerability in order to allow the malicious code to be run.

"Scientists should be responsible in how they present their research, rather than hyping up threats in order to get headlines," said Graham Cluley, senior technology consultant at Sophos.

"Any virus code on the RFID chip would be utterly incapable of running unless a serious security hole existed in the external device reading it. RFID chips normally just have data read from them, rather than 'executed', so the chances of a virus infection spreading in this fashion is extremely remote. "

Cluely added he had "more chance of being flattened by a falling grand piano than I have of getting my dog infected by a PC virus next time I take him to the vets".

"The main progress that appears to have been made from such research is not a contribution to computer security, but a full-proof method of ensuring that university staff don't forget their office door pass in the morning," said Cluely.

"Predictions of pacemakers and cochlear implants being hit by virus infections is the very worst kind of scaremongering."

(PCW)