RFID: time to get really paranoid
In a recent Black Hat demonstration, RFID passport readers were reportedly "crashed" when a manipulated JPEG 2000 photo was included in an RFID-enabled passport. The corrupted image caused a "buffer overflow" fault in the readers by containing more data than was expected and halting the reading process. This has been hyped as a problem with RFID but the truth is that it was a reader programming oversight. The software should have rejected the data (and e-Passport) instead of allowing the buffer overflow to stop the reading program. What's the lesson here? That it's time for manufacturers and implementers of RFID to get paranoid. But in a good way.
At AIM Global.
[ Read more ]