Re: [web-nfc] Improve security section (#583)

Some WIP work here:

Things that users should be made aware of when using NFC

Read data is shared with the site
When a site has access to read NFC content, the data of the scanned tags is shared with the site, in a similar way to uploading files and images. The user has to trust that the site handles this data properly and in the intended manner.

A site may modify and overwrite data of tags that are not made read-only
Deployed NFC solutions, like tags in stores etc., should always be made read-only in order to ensure they are not modified by mistake or as part of a malicious act.
Private tags and stickers are often unlocked (writable) from the factory, and the user should be aware that such tags might be overwritten/modified by scanning them.

Reading a fixed (e.g. mounted) tag may expose the reading location
A fixed tag may encode its ID or location in the data, meaning that reading it exposes that information to the site, which can then deduce the location where the read took place. That, combined with being logged into a service, can share your location data with the site.

Data written is readable by other apps and sites with granted read access
Any NDEF data on a tag can be read by any app or web site with the proper access, so if that is not intended, then the data should be encoded in a secure manner such that only those who are supposed to read it can.

Multiple tags may be within the reading field at the same time
NFC can only read one tag at a time, but multiple tags can be detected and one of the tags can be selected as the tag to communicate with.
Use cases for this could be having multiple smart cards (NFC based) in your wallet and not wanting to take the card out.

This is mostly useful for payment cards and travel cards that are read by external hardware and thus not a use-case for Web NFC. For Web NFC, we do not allow reading when there are multiple tags available.

There is an attack vector, where someone places another malicious NFC tag/sticker on top of a legitimate tag, in order to load the wrong app/site, or inject wrong data into the right app/site.

Loading web sites from a tag is outside the scope of Web NFC, but it is recommended for user agents to not auto load URLs when multiple tags are available due to the above attack vector.

By disallowing reading when there are multiple tags available, Web NFC protects well against injecting wrong/malicious data into a site, since shielding the existing NFC tag is quite difficult: it requires ferrite shielding, which is quite visible. Metal interferes with the magnetic field and makes tags not readable.

-- 
GitHub Notification of comment by kenchris
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/583#issuecomment-648701718 using your GitHub account

Received on Wednesday, 24 June 2020 09:16:45 UTC
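The untrusted-input handling the draft section describes (read data shared with the site like an upload, URL records not auto-loaded), as an added example that is not part of the comment above or of the Web NFC spec: a triage function over the record shape Web NFC hands to a `reading` event. `MAX_RECORD_BYTES`, `triageRecords`, `makeRecord` and the `render` callback are assumed names; `NDEFReader`, `scan()` and `event.message.records` are the API names as specified.

```javascript
// Added example, not code from the Web NFC spec or from this thread: treat NDEF
// records delivered by a `reading` event as untrusted input, the way a site would
// treat an uploaded file. Records use the shape Web NFC exposes (recordType,
// encoding, lang, data as a DataView), so constructed records work outside a browser.

const MAX_RECORD_BYTES = 4096;                   // constructed limit on payload size
const ALLOWED_URL_SCHEMES = new Set(["https:"]); // never act on other schemes

// Decode a record's bytes with the encoding the record itself declares;
// `fatal: true` rejects malformed byte sequences instead of silently mangling them.
function decodeText(record) {
  const view = record.data;
  const bytes = new Uint8Array(view.buffer, view.byteOffset, view.byteLength);
  return new TextDecoder(record.encoding || "utf-8", { fatal: true }).decode(bytes);
}

// Sort records into accepted (safe to show the user) and rejected (with a reason).
// URL records are surfaced for the user to decide on, never navigated to automatically.
function triageRecords(records) {
  const accepted = [];
  const rejected = [];
  for (const record of records) {
    if (!record.data || record.data.byteLength > MAX_RECORD_BYTES) {
      rejected.push({ reason: "missing or oversized payload", record });
      continue;
    }
    try {
      if (record.recordType === "text") {
        accepted.push({ type: "text", lang: record.lang || "", value: decodeText(record) });
      } else if (record.recordType === "url") {
        const url = new URL(decodeText(record));   // throws on malformed URLs
        if (!ALLOWED_URL_SCHEMES.has(url.protocol)) throw new Error("URL scheme not allowed");
        accepted.push({ type: "url", value: url.href });
      } else {
        rejected.push({ reason: `unhandled record type: ${record.recordType}`, record });
      }
    } catch (err) {
      rejected.push({ reason: err.message, record });
    }
  }
  return { accepted, rejected };
}

// Build a record the way the browser would hand it over (constructed test input).
function makeRecord(recordType, text, extra = {}) {
  const bytes = new TextEncoder().encode(text);
  return { recordType, encoding: "utf-8", data: new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength), ...extra };
}
// In a page: const reader = new NDEFReader(); await reader.scan();
// reader.onreading = (event) => render(triageRecords(event.message.records));
```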