The mobile RFID system is a new application to use mobile phone as RFID reader with a wireless technology and provides new valuable services to user by integrating RFID and ubiquitous sensor network infrastructure with mobile communication and wireless internet. Contrast to the traditional RFID system, the communication channel between the database and the RFID reader is not assumed to be safe in the mobile RFID system any more. Therefore, in this paper, we propose a hash-based authentication protocol suitable to mobile RFID systems. The proposed protocol requires only hash, XOR and simple calculations but can provide good security and privacy protection features. It is effectively secure against threats such as impersonation, traceability and reply attack.