I don't know anything about RFID, so I wonder if the RFID certification process includes a test for "invalid" data. To test for buffer overflows etc. Maybe, if there is no forced test system, the unlikely possibility of a faulty system is too probable for comfort. And maybe this study will help create certification tests...

--Oliver, 15-Mar-2006

The thing is that RFID application space is dominated by completely proprietary solutions. There are no "RFID certifications" for data layers - however, there are several storage and radio standards, but they don't say anything about how the data should be handled; only how it is stored.

There are some proprietary application standards, yes, such as the SuiCa and Edy cards in Japan, and they do have a certification process. How much of that deals with invalid data, I don't know.

But buffer overflows are quite a known factor. So I'm hard-pressed to see that this study would contribute to anything but the general fear of RFID.

--JanneJalkanen, 15-Mar-2006

