RFID and hysteria

While we recognize that there may well come a time when RFID viruses exist, the current stories about exploits utilize equipment that is a long, long way from the stuff people are actually using in the supply chain today. Note that the BBC article refers to creating an exploit in “only” 127 bytes. That’s awesome, we’re sure, but the key bit of data to remember for currently-used supply chain tags is that they hold 96 bits.

Furthermore, the exploits discussed in this paper strike us as almost comically bad; i.e., they rely on all sorts of other holes in the system, like leaving the door open to SQL injection. The “possible scenarios” they discuss are even worse, suggesting that a nefarious shopper might bollocks up a supermarket by replacing an item’s tag with one of his own.
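The two backend checks that close those holes, as an added example (not from this post or the paper it discusses): reject anything that is not a 96-bit tag ID, and bind tag data as a SQL parameter instead of concatenating it. The table, the function names and the sample values are constructed for illustration, and it assumes the reader passes tag IDs to the middleware as hex strings.

```python
import re
import sqlite3

# Assumption: tag IDs arrive as hex text; 96 bits = 24 hex digits.
EPC_96_HEX = re.compile(r"[0-9A-Fa-f]{24}")


def open_inventory():
    """Create an in-memory stand-in for the supply-chain backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reads (epc TEXT NOT NULL, dock TEXT NOT NULL)")
    return db


def record_read(db, raw_tag, dock):
    """Store one tag read. Returns True if stored, False if rejected."""
    # Check 1: a payload that is not exactly 96 bits of hex is not a
    # supply-chain tag ID, so it never reaches the database layer.
    if not EPC_96_HEX.fullmatch(raw_tag):
        return False
    # Check 2: values are bound as parameters, so whatever they contain
    # is stored as data and never parsed as SQL.
    db.execute(
        "INSERT INTO reads (epc, dock) VALUES (?, ?)",
        (raw_tag.upper(), dock),
    )
    return True


def stored_rows(db):
    """Return (epc, dock) pairs in insertion order."""
    return db.execute("SELECT epc, dock FROM reads ORDER BY rowid").fetchall()


if __name__ == "__main__":
    db = open_inventory()
    samples = [  # constructed sample reads, not real tag data
        "3034257BF400B7800004CB2F",  # well-formed 96-bit value
        "AB" * 127,                  # 127 bytes: does not fit a 96-bit tag
        "not-hex-at-all'",           # text containing a quote character
    ]
    for tag in samples:
        verdict = "stored" if record_read(db, tag, "dock-1") else "rejected"
        print(f"{tag[:24]:<24} {verdict}")
    print(stored_rows(db))
```

Either check alone stops the class of bug the paper depends on; the length check is the one that follows directly from the 96-bit tag size.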

Let’s stop with hysteria and think more in terms of the real world, ok? RFID exploits such as this are a long way off in the real world. The best protection NOW is to make sure we’re smart with new tools like RFID. An excellent place to start would be in NOT putting RFID in passports, not whining about “RFID Viruses! OMG!! WTF!!”
