Utilizing the RFID LOCK Command Against Multiple Targets

An unlocked Electronic Product Code (EPC) tag allows for issuance of most commands without the need for any authorization. This means that a system with unlocked tags would allow any attacker to modify tag data at will, whilst also opening the door to a range of other misuse. One possible avenue of active misuse against unlocked tags would be to issue LockID commands and ‘permanently’ lock some or all of a system‘s RFID tags. As this attack is simply an issuance of a valid command it fits firmly in the category of an active misuse and could also be considered a limited form of DoS as future valid commands would be ignored and limit or cripple the functionality of a system dependent on operation. This paper details an experiment using the LockID command to lock multiple tags within range