RFID Security Vulnerabilites

By Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3 •  Updated: 10/22/21 •  3 min read

As with any other wireless technology, RFID is prone to security vulnerabilities. RFID tags can be counterfeited, spoofed, sniffed, and even carry viruses that infect RFID readers and their associated networks. Imagine that your organization has decided to adopt RFID tags to improve supply chain management. What are at least three methods that could be used to secure the RFID tags better?

There are security risks associated with wireless technologies, and (Radio Frequency Identification (RFID) tags are no exception. These security risks include viruses, replay attacks, spoofing, RFID sniffing, tracking, and other attacks. Organizations should implement security best practices to mitigate these risks when adopting RFID tags to improve supply chain management.

RFID tags are vulnerable to virus attacks. RFIDs connect to backend databases that may contain valuable data. The RFIDs have code known as “Middleware” that enables communication and data management. This middleware connects the RFID and the database together (Microsoft). Middleware is often composed of many lines of code that may contain vulnerabilites that hackers could exploit to access the backend database. Mitigation steps against RFID virus attacks would include code reviews to identify vulnerabilities. In addition, organizations should have a robust patch management plan in place so that the database software is kept up to date.

Sniffing attacks are a concern for RFID tags. In this type of attack, the attacker reads the RFID signal using a device that acts as an RFID reader. The fake reader captures the data from the RFID tag that the attacker may use for malicious purposes. This type of attack can be mitigated using encryption.

Malicious actors can also track RFID tags. Tracking attacks give the attacker information about the movement and location of the RFID tag (and the item to which it is attached). Tracking attacks are difficult to mitigate, even if the communication between the RFID tag and the reader is encrypted. In many cases, the organization must accept this risk when they implement RFID technology. A potential mitigation to this type of attack is to implement the ability to turn the RFID tags off so that they are not constantly trackable. However, this may defeat the purpose of the RFID tags for many applications.

RFID tags can be valuable to improve supply chain management. However, RFID tags are vulnerable to viruses, sniffing attacks, tracking attacks, and the exploitation of other vulnerabilities that exist in wireless technologies.


Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

Donald Korinchak is a Cybersecurity Professional in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in business, leadership, and cybersecurity issues.