Radio Frequency Identification (RFID) is a contactless identification technology that
promises to revolutionize our supply chains and customize our homes and office.
This paper will demonstrate that the security breaches that RFID deployers dread most
— RFID malware, RFID worms, and RFID viruses — are right around the corner. RFID
attacks are currently conceived as properly formatted but fake RFID data; however no one
expects an RFID tag to send a SQL injection attack or a buffer overflow. Unfortunately,
the trust that RFID tag data receives is unfounded. To prove our point, this paper will
describe the basic design principles of RFID malware. We will provide concrete examples
for several target platforms, featuring a fully illustrated specimen of a self-replicating RFID
virus. Our main intention behind this paper is to encourage RFID middleware designers to
adopt safe programming practices.