Australian Information Security Management Conference

Document Type

Conference Proceeding


Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia


Originally published in the Proceedings of the 6th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 1st to 3rd December 2008.


Radio Frequency Identification (RFID) is seeing a surge in awareness across a range of industries as a successor to barcoding. The nature of this technology promises a wide range of benefits but it appears to be at the expense of security. This paper investigates an eavesdropping attack against an EPC RFID system and shows how a simple device may be used to record interactions between both Tag and Readers. The device is used to record and decode signals within range and its output is analysed to verify that the attack was indeed successful. The findings verify previous assertions by other authors that such attacks are viable and acts as a warning to implementers of the standard who expected their transactions to remain private or secure.