Comment Not really possible on modern RFID systems. (Score 2, Informative) 109
Unless I missed something obvious (happens), I don't think this is a serious issue...
1) Most malicious SQL statements (i.e. ";DELETE FROM USERS;") require more than 64-96 bits, the current standard for RFID tags.
2) Any RFID software system that is compliant with EPCglobal's Tag Data Specification (http://www.epcglobalinc.org) is inherently "immune" to this issue. The TDS spec defines several tag formats for use in software systems that require the tag's binary data to be in hexadecimal or decimal format and furthermore treated as a URI, e.g. urn:epc:raw:64.1234567890. Simply encoding a tag with ";DELETE FROM USERS;" will not cause any damage in an EPCglobal-compliant RFID system because the binary data read from the tag is never used in ASCII format, just decimal and hex.
3) Furthermore, the TDS specifies exactly which bits are to be used for various 'fields' such as 'company', 'item', 'serial number' etc. Most RFID systems perform operations on each field separately, so any SQL statement would be broken up; ";DELETE FROM USERS;" could become something like ";DELE"."TE FROM"." USERS;". Again this doesn't matter so much because the data is never used in ASCII format, only Hex/Decimal.
In English....
ASCII: ";DELETE FROM USERS;"
Binary: 001110110100010001000101010011000100010101010
100010001010010000001000110010100100100111101
001101001000000101010101010011010001010101001
00101001100111011 (153 bits, impossible to fit on Gen1 tags!)
Decimal: 59686976698469327082797732858369828359
URI: urn:epc:raw:153.59686976698469327082797732858369828359
As you can see, the URI form of the tag is pretty harmless. :)
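The handling described in point 2, as an added example that is not part of the original comment: tag memory is rendered as a raw EPC URI (bit length plus decimal value, both computed here from the bytes), checked against a digits-only pattern, and stored with a bound parameter. The table names, the `record_read` helper and the sample tag bytes are constructed for illustration.

```python
import re
import sqlite3

# Shape of the raw URI shown in the comment: urn:epc:raw:<bit length>.<decimal value>
RAW_URI = re.compile(r"urn:epc:raw:[1-9][0-9]*\.(0|[1-9][0-9]*)")


def tag_to_raw_uri(tag_bytes: bytes) -> str:
    """Render tag memory as a raw EPC URI; the bits are read as one unsigned integer."""
    if not tag_bytes:
        raise ValueError("empty tag read")
    bits = len(tag_bytes) * 8
    value = int.from_bytes(tag_bytes, "big")  # never decoded as ASCII
    uri = f"urn:epc:raw:{bits}.{value}"
    # Defensive check: reject anything that is not length.digits
    if not RAW_URI.fullmatch(uri):
        raise ValueError("tag data did not produce a valid raw URI")
    return uri


def record_read(db: sqlite3.Connection, tag_bytes: bytes) -> str:
    """Hypothetical middleware step: store one tag read."""
    uri = tag_to_raw_uri(tag_bytes)
    # Bound parameter: the value is data to the SQL engine, never statement text
    db.execute("INSERT INTO reads (epc) VALUES (?)", (uri,))
    return uri


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.execute("CREATE TABLE reads (epc TEXT)")
    db.execute("INSERT INTO users VALUES ('alice')")
    payload = b";DELETE FROM USERS;"  # constructed tag contents from the comment
    uri = record_read(db, payload)
    users_left = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    stored = [row[0] for row in db.execute("SELECT epc FROM reads")]
    return uri, users_left, stored


if __name__ == "__main__":
    uri, users_left, stored = demo()
    print(uri)
    print("rows in users:", users_left)
```

The bound parameter in `record_read` keeps the insert safe even in a system that does pass tag bytes through as text.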