Zhuhai Suny Technologies vulnerability - Displaying arbitrary tag contents

The ETAG-TECH protocol used by Zhuhai Suny Technologies in their ESL products was reverse engineered. It was noted that no authentication is existent. Hence, one can render arbitrary messages. Furthermore, arbitrary content can be displayed on the electronic tag by simply transmitting messages according to the proprietary protocol.

The vendor did not respond to our communication attempts. Hence, there is no patch available.

Researcher: Steffen Robertz