RFID chips can spread viruses
While most of the protests about the spread of RFID technology have been related to privacy and related issues, here's a new issue to worry about: viruses. Dutch researchers implanted a virus in an RFID chip, and then used it to demonstrate that an infected chip could potentially spread a virus to a database server as it's being scanned. In theory, this could lead to compromised data in everything from supermarket product inventories to terrorist watchlists, resulting in mispriced ice cream and global chaos. We anticipate that security experts will respond quickly and install safeguards to protect databases -- except in the supermarket, where they're expected to allow tampering so that they can continue getting cheap ice cream.

[Thanks to everyone who sent this in]

I always knew you had a sweet tooth Marc. ;)
Hmm. So the chip itself has firmware that can be reprogrammed and then, infected? Sounds like a PROM rewrite. Given the audience and the necessity of physical access (I'm guessing), it sounds like a true low-frequency event.
Mmm...cheap ice cream. Now I'm ready to jump on the RFID bandwagon. Screw unsecured personal information potentially leading to identity theft. I wants me some $.25 peanut butter cup.
NO! NOT THE ICECREAM!
anything but that!
WHAT HAS THIS WORLD COME TO?
'except in the supermarket, where they're expected to allow tampering so that they can continue getting cheap ice cream.' I like it, it looks like you guys took some good prase and embraced it (I think you should give that person the computer!) You know what I am talking about!
Remember the Passport post with the RFID from the other day? What if you got an "I'm a terrorist" virus on your passport that alerted customs that you were a terrorist? That would make for some interesting vacations.
Would that imply the contents of the RFID chip get executed somewhere? Huh? Maybe utilising buffer overflows in the supermarket's database?
Dude, it is ICED CREAM or ICECREAM, but not ICE CREAM.
The class of vulnerabilities they're talking about are data validation flaws (SQL injections, buffer overruns, shell codes). Most of these problems can be stopped by just validating your input (and 'safing' it as necessary) before sending it willy-nilly through your program.
Of course, this presupposes that most developers can actually design software for the real world.
David (currently #7) is right. This is basically your run-of-the-mill data validation flaw that seems to plague every new technology before it gets widespread use. Basically, software that reads RFID chips should treat the RFID response as untrusted, validating it just like they would an HTML form input.
Say it looks for a numeric ID on the chip and then queries a DB with "SELECT * FROM `groceries` WHERE `id` = '$RFID' " and someone malicious has coded the chip to return " '; DELETE FROM `groceries` WHERE '' = ' " ... instead of a numeric value. Poof - no more inventory database.
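The scenario in the comment above, as an added example that is not part of any comment on this page: the interpolated query next to a validated, parameterized one. The table contents, the 12-digit limit and the function names are assumptions made for the illustration, and `executescript()` stands in for a database driver that accepts several statements in one call.

```python
import sqlite3

# Tag response quoted from the comment above; all other data is constructed.
TAG_PAYLOAD = "'; DELETE FROM groceries WHERE '' = '"

def make_db():
    """Build a small in-memory inventory (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE groceries (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    db.executemany("INSERT INTO groceries VALUES (?, ?, ?)",
                   [(1001, "ice cream", 4.99), (1002, "peanut butter cups", 1.25)])
    return db

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM groceries").fetchone()[0]

def lookup_vulnerable(db, tag_value):
    # The tag value is pasted into the SQL text, so a quote character in it
    # ends the string literal and the rest is parsed as SQL.
    db.executescript(f"SELECT * FROM groceries WHERE id = '{tag_value}'")

def lookup_safe(db, tag_value):
    # 1) Validate: the reader expects a short decimal ID and nothing else
    #    (the 12-digit limit is an assumption for this example).
    if not (tag_value.isascii() and tag_value.isdigit() and len(tag_value) <= 12):
        raise ValueError("tag value is not a numeric ID")
    # 2) Bind: the value is passed as a parameter, never as SQL text.
    return db.execute("SELECT name, price FROM groceries WHERE id = ?",
                      (int(tag_value),)).fetchone()

if __name__ == "__main__":
    db = make_db()
    lookup_vulnerable(db, TAG_PAYLOAD)
    print("rows left after interpolated query:", row_count(db))
    db = make_db()
    try:
        lookup_safe(db, TAG_PAYLOAD)
    except ValueError as err:
        print("rejected:", err, "| rows left:", row_count(db))
    print("legitimate tag:", lookup_safe(db, "1001"))
```

Either measure alone stops this input; using both means a mistake in the validation rule does not reopen the query.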
Considering that most tags are 64 bit and 96 bit, 8 and 12 bytes respectively, there aren't many SQL commands you can execute. Although in theory possible, you're a moron if you name your table with a single character or something.
Plus as said, if you just verify the data read from the tag, you will be fine. I am currently working on a RFID solution, and while possible, in practice I doubt you will see something like this occurring except in rare circumstances.
Also, I forgot to add that not all tags can be re-written. I would suspect that important things like passports will be read only, so someone cannot override your information.
';INS [overflow code]'
Also, who says that an RFID reader is limited to reading only those bits? Could someone provide a brief explanation of the physical limits for particular RFID tokens and readers, and why those limits exist?
It's poor for security, because many security systems use it, for example airline, metro, etc.
Siege:
The only bits that exist are 0 and 1. A tag can only hold as much data as memory on the chip. The standard values are 64 (transitional), 96 (will be the most used), and 128 (needed for companies with many products/many serial numbers).
Depending on the encoding, the bits are arranged in specific ways. There are many websites that describe the different encodings. For SGTIN 96 bit, the first 8 bits are the header, the next 3 bits are the object type, the next 3 are the partition, the next 20-40 bits are the Company prefix, the next 24-4 are the item reference (SKU), the next 38 bits are the serial number. The barrier between the company prefix and item reference can be changed.
A would-be hacker could ignore the encoding, and just arrange every 8 bits into a byte, and encode a string within the tag. This string could be used in a malicious way if the software that interfaces with the reader does not verify the data.
The easy solution in software is to verify that the tag conforms to a specific encoding. The encoding being used should be known in advance, so you can hard code it into your program.
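One way to implement the check described in the comment above, as an added example that is not the commenter's code: a strict SGTIN-96 decoder that follows the field layout given there. The header value 0x30 and the partition table come from the GS1 EPC Tag Data Standard rather than from this page; the function name and sample tags are assumptions.

```python
# partition value -> (company-prefix bits, decimal digits, item bits, decimal digits)
PARTITIONS = {0: (40, 12, 4, 1), 1: (37, 11, 7, 2), 2: (34, 10, 10, 3),
              3: (30, 9, 14, 4), 4: (27, 8, 17, 5), 5: (24, 7, 20, 6),
              6: (20, 6, 24, 7)}
SGTIN96_HEADER = 0x30

def decode_sgtin96(raw: bytes) -> dict:
    """Decode 12 tag bytes as SGTIN-96 or raise ValueError."""
    if len(raw) != 12:
        raise ValueError("expected exactly 96 bits")
    n = int.from_bytes(raw, "big")

    def take(width, offset):
        # Extract `width` bits starting `offset` bits from the most significant bit.
        return (n >> (96 - offset - width)) & ((1 << width) - 1)

    if take(8, 0) != SGTIN96_HEADER:
        raise ValueError("not an SGTIN-96 header")
    partition = take(3, 11)
    if partition not in PARTITIONS:
        raise ValueError("reserved partition value")
    cbits, cdigits, ibits, idigits = PARTITIONS[partition]
    company, item = take(cbits, 14), take(ibits, 14 + cbits)
    # Each field must fit the number of decimal digits its partition allows.
    if company >= 10 ** cdigits or item >= 10 ** idigits:
        raise ValueError("field exceeds its decimal capacity")
    return {"filter": take(3, 8),
            "company_prefix": f"{company:0{cdigits}d}",
            "item_reference": f"{item:0{idigits}d}",
            "serial": take(38, 58)}

if __name__ == "__main__":
    good = bytes.fromhex("3074257BF7194E4000001A85")  # constructed sample tag
    stuffed = b"HELLO, WORLD"                         # 12 ASCII bytes written as a string
    print(decode_sgtin96(good))
    try:
        decode_sgtin96(stuffed)
    except ValueError as err:
        print("rejected:", err)
```

The decoder returns only bounded integers and fixed-width digit strings, so the tag's raw bytes never reach the rest of the application as text, even when an arbitrary bit pattern happens to pass the structural checks.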
God help us all if there is ever a Bird Flu to RFID mutation...
To #7 - You are wrong. Go to Ben & Jerry's website: http://www.benjerry.com - they make "Ice Cream" - not any of the wackedout variations you said were correct.
Thank God for the Ians and Sieges and Ryan Gardners of the world! They may just save us from the wack-job Billys and RFID hackers out there, so we can enjoy all that cheapo ICE CREAM in dubious safety.
>>Dude, it is ICED CREAM or ICECREAM, but not ICE CREAM
Not according to
http://benjerrys.com
http://breyers.com/products/ind_product.asp?UPC=77567-25450&brand=Breyers&pageFrom=pickproduct
http://haagendazs.com/segice.do
All of them say ice cream. But what would they know, right, dude?
-p-
fixed link: http://benjerry.com
while I'm at it:
http://www.hphood.com/products/prodList.aspx?id=25
http://kemps.com/products/ice_cream.shtml
None of which call it "iced cream" or "icecream." If you're going to correct someone, maybe you should try being correct first.
-p-
p-diddy is right. There's no iced cream or whatever. Check your dictionary first.
http://www.imakethings.com/2006/03/10/getting-chipped-interviews-with-rfid-pioneers/
Why do people feel a need to correct words on a website that is read internationally? Maybe where Billy comes from it is ICED CREAM, but here in the US it's not. People speak differently, and correctly, all over the world. I'm not going to call out someone from England because they say chips and I say french fries. Let's try to have insightful comments instead.
@22, couldn't agree more.. and it's [tom-ah-to], not [tom-ay-to]. :-p
BTW any fool that doesn't make sure to include simple security measures like data verification should be shot.
what does ice cream have to do with any of this again?