VeriChip VeriEasy To Clone, Researchers Say

from the not-inspiring-much-confidence dept

Mon, Jul 24th 2006 8:07am — Joseph Weisenthal

For some time we've been following the colorful past of RFID maker VeriChip, a company that promotes implanting RFID chips in humans for identification purposes. As if the stated goal of the company wasn't disturbing enough, it has a history of lying to regulators and to the public about the nature of its devices, and how they would be used. Now, two researchers, presenting at a hacker conference, have demonstrated that the company's chips can easily be cloned, essentially allowing an individual to assume another's identity. Not surprisingly, this stands in contradiction to VeriChip's claim that their products are impossible to counterfeit. In fact, the researchers claim that the company's chips have no security mechanism whatsoever. For its part, VeriChip has responded saying it hasn't reviewed the evidence, and that it's still easier to steal someone's ID out of a wallet than it is to gain information from a chip in someone's arm. That may be true, but when your wallet is stolen, you can realize it quickly and alert the relevant authorities. How do you know when someone's passed by you with a wireless scanner? If fingerprint identification can be defeated with Play-Doh, and someone can clone your embedded identity chip without you knowing it, there's something to be said for old-fashioned, disposable ID systems.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

20 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

jinx, 24 Jul 2006 @ 8:15am

paranoia anyone
I would like to take a moment to announce my fall fashion line made entirely out of tinfoil.
[ link to this | view in chronology ]
Franssu, 24 Jul 2006 @ 8:22am

VeriChip is just another junk tech company trying to make quick money out of the fascists that are now ruling America, like Diebold and others.

It's a pretty easy thing, since fascists tend to be kinda stupid.
[ link to this | view in chronology ]
Basta, 24 Jul 2006 @ 8:28am

Identity has lost it's sanctity
I've had my identity stolen in the past and the idea of putting a chip in my arm, regardless of how easily it can be copied, makes me feel no safer than when my social security card was copied back in '98 by an illegal immigrant.
[ link to this | view in chronology ]
lucent, 24 Jul 2006 @ 8:38am

VeriChip VeriEasy To Clone
Wasn't there a recent hack on RFID tags anyway? Not to sure if it is relavent but if it can be hacked would there be a need to clone it? Just a thought.
[ link to this | view in chronology ]
Stephen, 24 Jul 2006 @ 8:58am

What's wrong with an "off" switch??
Why do all these companies refuse to just include an "off" switch?? Putting a chip in my arm may help with medical emergencies and all that, but why would I want it always on when I only need it like once a decade??

Same with credit cards. Why the fark do I need a card always looking out to try and buy something when I only buy something once or twice a day??

Let me turn the dang thing off and it'll go a long way to making me want to actually use one of these things...
[ link to this | view in chronology ]
- Mrs Fudd, 7 Aug 2006 @ 6:43am
  
  Re: What's wrong with an "off" switch??
  There might be some merit in relying on RFID for medical emergencies -- unless you happen to be the good samaritan who comes to my rescue after I've been in any-number-of-situations that result in me needing CPR and mouth to mouth. Imagine how valuable it would be for you, the average citizen, to be the hero and perform mouth to mouth -- but since you didn't scan me first to discover that I'm severely allergic to what you just ate or handled at lunch, I die on the spot.
  
  There's something to be said for the low-tech devices like MedicAlert bracelets.
  [ link to this | view in chronology ]
jsnbase, 24 Jul 2006 @ 8:59am

I'll need a little more than this
'For its part, VeriChip has responded saying it hasn't reviewed the evidence, and that it's still easier to steal someone's ID out of a wallet than it is to gain information from a chip in someone's arm.'

If you're going to implant something in my arm, I'm gonna need a bit more assurance than 'it's easier to grab your wallet.' Something like: 'it's easier to castrate an angry female alligator than it is to gain information from the chip.' Or maybe 'it's easier to unravel space-time.'

But easier than stealing a wallet? Come on, if I put my wallet in the wrong pocket it takes me three hours to find it.
[ link to this | view in chronology ]
Anonymous of Course, 24 Jul 2006 @ 9:23am

Baaa Baaa
My dog has a chip in its ear. It's also a common
practice for livestock. Cattle, sheep and goats,
emu and pigs are "chipped."

I know governments treat their population as
livestock and would like better asset management.

I'm simply not ready for a constant reminder, that
little bump just below the skin, just yet.

I never understimate the motivational power of
money. Given time most any scheme will be
subject to fraud. Can an identification system be
cost effective and acceptably fraud resistant?
Who decides the price point and the tolerable
level of risk?

I think this needs an ANSI standards comitte... or
something. Not people of dubious reputation and
their shady company driving the standard.
[ link to this | view in chronology ]
Bakken, 24 Jul 2006 @ 9:27am

It's not stealing if you don't get caught
I would imagine that hardest part about stealing someones wallet, would be to try and do so without them knowing. Now if I had a wireless scanner and I ran through a crowed of people with these RFIDs, I bet I could get everyones info without them even knowing. So which would be easier again?
[ link to this | view in chronology ]
Lay Person, 24 Jul 2006 @ 9:32am

CrappyChip...
Yup ,this is just another lame invention that will never fulfill all that it promises.

If it's tangible, it can be replicated--end of story.

What we need are DNA scanners. All you do is muster up a big oyster and spit it out on to the scanner lens. The scanner verifies your DNA then, based on it's reference, permits/denies entry.
[ link to this | view in chronology ]
tim stevens, 24 Jul 2006 @ 10:51am

Annalee Newitz (hot nerd girl with chip) and Jonathan Westhues (smart nerd guy with cloner) are just the types that VeriChip should fear. They have no agenda other than exposing the dishonesty and incompetence of VeriChip.

To quote Jonathan (see Johnathan's analysis http://cq.cx/verichip.pl), "The Verichip is a repurposed dog tag; there is no reason (counterfeit housepets?) why it would have been designed with any security features, and in fact it was not."

Of course when VeriChip responded saying "...it hasn't reviewed the evidence..." it sounds just like the FTC and FCC when there is a massive loss of personal data (a la the recent Veterans data loss via laptop): "...there is no evidence to suggest that anyone's persona data was compomised..." Wonderful. Either someone is too good to get caught or the responsible parties are too slow to know how to do anything about it.

TS
[ link to this | view in chronology ]
ebrke, 24 Jul 2006 @ 12:18pm

Impossible??
The simple fact that they stated that their product is "impossible to counterfeit" should be enough to raise a huge red flag. Oversimplifications like that leave any company's credibility in the garbage dumpster.
[ link to this | view in chronology ]
Phillip Vector, 24 Jul 2006 @ 2:32pm

Impossible to Counterfit
You know, I used to be in this game that was played in New York called "The Nexus". We had our own currency that the maker of the game said was impossible to copy. A brief meeting with some fellow players and a trip to kinkos and we litterally printed our own money, flooded the market with the funny money (and kept the real money to ourselves) and announced that it was copied and how to spot it (we included a watermark with our money).

If you say something is impossible to a hacker, that just makes them want to prove you wrong.
[ link to this | view in chronology ]
Bhagaban, 25 Jul 2006 @ 12:05am

VeriChip in neck deep trouble
The revelation would put US-based chipmaker in neck deep trouble. VeriChip Corporation who for the long time is promoting that its chips are reliable for human tracking will find it difficult to get deal from Bush Administration to track immigrants and guest workers.
[ link to this | view in chronology ]
Anonymous Coward, 25 Jul 2006 @ 10:01am

If it was your medical record implanted, why would anyone want to steal that?

On another post, there actually is an off switch, you just wouldn't like where they put it (can you say "Bend Over")
[ link to this | view in chronology ]
Page Esquire, 27 Jul 2006 @ 7:17pm

what the f*£$*
Ok, does anybody think freedom from sight is important "privacy" if there's a chip they can find it via satellite and then see you. what happens when theany government turns on it's people? I maybe paranoid, but I'd rather a fighting chance. Think Iraq or Israel. OH GOD!!!??!!!!!
[ link to this | view in chronology ]
James, 28 Jul 2006 @ 7:04am

VeriPig
Has any one ever wonder what the heck Veri really means? I did some quick search have seen it on www.zombiewire.com

Verichip , verizon, verisign, verivisa ,
[ link to this | view in chronology ]
InfoWars07, 23 May 2007 @ 10:34pm

RFID
This is part of the world goverment say no to the chip .Is all part of the New world order.please check out Infowars.com learn the truth..
[ link to this | view in chronology ]
..., 9 May 2008 @ 9:16am

people dont realive what there doing when the take this chip. they a denouncing jusus christ our lord and savior. the bible couldnt have been more clear in revelations when it said in one verse that no one will be able to but or sell with out the mark. the mark is the mark of the beast but no one realizes it now! it started when they put chips in aminals like your cats and dogs. they are trying to put chips in new born babies. then its going to try to get us, by saying it helps with the sucurity issues, and identity theif. and then there giong to want us to strart buying and selling using it. its all supposed to happen though. thats why you need to be saved and never accept that chip bacuse the cost is your eternal life in heave with jusus christ. so be for its to late you need to get right with god.
[ link to this | view in chronology ]
tcool, 3 Mar 2010 @ 11:00am

veri chip
Where do i order?
[ link to this | view in chronology ]