- From: Kenneth Rohde Christiansen via GitHub <sysbot+gh@w3.org>
- Date: Wed, 24 Jun 2020 09:12:47 +0000
- To: public-web-nfc@w3.org
kenchris has just created a new issue for https://github.com/w3c/web-nfc: == Do not allow reading/writing if multiple tags are within field == Some reasoning below: -- NFC can only read one tag at the time, but multiple tags can be detected and one of the tags can be selected as the tag to communicate with. Use cases for this could be having multiple smart cards (NFC based) in your wallet and not wanting to take the card out. This is mostly useful for payment cards and travel cards that are read by external hardware and thus not a use-case for Web NFC. For Web NFC, we do not allow reading when there are multiple tags available. There is an attack vector, where someone places another malicious NFC tag/sticker on top of a legitimate tag, in order to load the wrong app/site, or inject wrong data into the right app/site. Loading web sites from a tag is outside the scope of Web NFC, but it is recommended for user agents to not auto load URLs when multiple tags are available due to the above attack vector. By disallowing reading when there are multiple tags available, Web NFC protects well against injecting wrong/malicious data into a site as shielding the existing NFC tag is quite difficult as it requires ferrite shielding which is quite visible. Metal interferes with the magnetic field and makes tags not readable. Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/584 using your GitHub account
Received on Wednesday, 24 June 2020 09:12:49 UTC