A spoofing attack against an EPC class one RFID system
Centre for Security Research, Edith Cowan University
Faculty of Computing, Health and Science
School of Computer and Security Science / Centre for Security Research
In computing, the term spoofing historically referred to the creation of TCP/IP packets using another device's valid IP address to gain an advantage. The Electronic Product Code (EPC) RFID system was investigated to test the efficacy of spoofing a valid tag response to basic requests. A radio frequency transmission device was constructed to determine whether a valid reader could distinguish between the response of an actual tag and a spoofed response. The results show that the device was able to successfully deceive the EPC reader and, further, to replace actual tag responses with a spoofed response. The potential for such attacks against inventory systems using the EPC standard would be significant in terms of both operational and actual costs.