7 Types of Security Attacks on RFID Systems


RFID systems, like most electronics and networks, are susceptible to both physical and electronic attacks. As the technology matures and becomes more widespread, so do hackers who aim to gain private information, entrance to secure areas, or take a system down for personal gain. Below are 7 known security attacks hackers can perform on an RFID system.

1. Reverse Engineering

Like most products, RFID tags and readers can be reverse engineered; however, it would take a lot of knowledge about the protocols and features to be successful. Hackers would take apart the chip in order to find out how it works in order to receive the data from the IC.

Purpose: Steal Information and/or Gain Access

2. Power Analysis

This attack requires nothing more than the brain of a hacker and a cell phone. According to leading experts 1, power analysis attacks can be mounted on RFID systems by monitoring the power consumption levels of RFID tags. Researchers stumbled upon this hacking technique when studying the power emission levels in smart cards, especially in the difference in power levels between a correct passcode and an incorrect passcode

Purpose: Steal Information and/or Gain Access

3. Eavesdropping & Replay

Eavesdropping, like it sounds, occurs when an unauthorized RFID reader listens to conversations between a tag and reader then obtains important data. It is still necessary for the hacker to know the specific protocols and tag and reader information for this technique to work.

Replay attacks builds on eavesdropping and specifically occur when one part of communication in an RFID system is recorded and then ‘replayed’ at a later time to the receiving device in order to steal information or gain access.

Purpose: Steal Information and/or Gain Access

4. Man-in-the-Middle Attack or Sniffing

A man-in-the-middle attack happens during the transmission of a signal. Like eavesdropping, the hacker listens for communication between a tag and reader and then intercepts and manipulates the information. The hacker diverts the original signal and then sends false data while pretending to be a normal component in the RFID system.

Purpose: Take Down System

5. Denial of Service

A Denial of Service attack is the broad concept of an RFID system failure that is associated with an attack. These attacks are usually physical attacks like jamming the system with noise interference, blocking radio signals, or even removing or disabling RFID tags.

Purpose: Take Down System

6. Cloning & Spoofing

Technically two specific events, cloning and spoofing are usually done back to back. Cloning is duplicating data from a pre-existing tag, and spoofing is then using the cloned tag to gain access to a secured area or item. Because the hacker has to know the data on the tag to clone it, this type of attack is mainly seen in access or asset management operations.

Purpose: Gain Access

7. Viruses

According to some sources 1, RFID tags currently do not have enough memory capacity to store a virus; but in the future, viruses could be a serious threat to an RFID system. A virus programmed on an RFID tag by an unknown source could cripple an RFID system when the tagged item is read at a facility. When read, the virus would transfer from tag to reader and then to a company’s network and software – bringing down connected computers, RFID components, and networks.

Purpose: Take Down System

What Does This Mean for Me?

While this article confirms that there are quite a few ways for a hacker to perform an attack on an RFID system, none of these methods are easy. Many require expansive RFID knowledge and complex devices. Another important piece of information to keep in mind is that UHF Gen 2 RFID tags are different from EMV chips on credit cards. EMV chips were made for security purposes and contain complex encryption technology, meaning they do not apply to any part of this article.

Future attacks like these can be mitigated by using encryption methods (when available), chip coatings, filtering methods, and authentication methods. If Gen 2 tags are being used in a secure location, remember to take the necessary precautions to lock any memory banks containing private information, and, if available, use software or middleware as an additional protective layer. Once G2V2 is available with its advanced security and privacy features, hopefully some of the above attacks will dissipate.


For any questions or to learn more about RFID tag security please comment below or contact us.

If you would like to learn more about all things RFID, check out our website or our YouTube channel.

To learn more about RFID security, check out the links below!


1RFID Technology, Security Vulnerabilities, and Countermeasures. Qinghan Xiao, Thomas Gibbons, and Hervé Lebrun. http://cdn.intechopen.com/pdfs/6177.pdf

Download Deploying an RFID System: 20 Questions & Answers