Abstract. Mutual authentication mechanisms can be used in RFID systems to preserve the confidentiality of the RFID tags. Hiding the unique IDs of the tags is critical to prevent unauthorized tag tracking. In this paper, we analyze two mutual authentication protocols called M2 AP and EMAP, recently proposed by Peris-Lopez et. al. We show that a passive adversary eavesdropping on the open wireless medium, can extract the unique ID of the RFID tag by collecting an expected O(log2 L) challengeresponse exchange messages between the tag and the reader, where L is the length of the tag’s unique ID. To date, previously known attacks on M2 AP and EMAP require the active probing of each tag. Furthermore, attacks on M2 AP require O(L) active queries to be sent to the tag by a rogue reader, as opposed to O(log2 L).