High-tech cloning

July 22, 2006

Updated with comment from VeriChip spokesman:NewitzWeshues1.jpgWith the debate over genetic cloning in full swing, hackers could not have cared less at a conference in New York City, where two presenters demonstrated the electronic equivalent of making a copy of an implanted RFID or radio frequency ID chip.The point was to show just how easy it is to fool a detection device that purports to uniquely identify any individual.Annalee Newitz (left) and Jonathan Westhues (right) presented their experimentations at the HOPE Number 6 conference in New York City in front of a crowd of hackers, tweakers and phone phreakers.”This is the first time someone has cloned an human-implanted RFID chip,” Newitz said. “Since I have been chipped Jonathan refers to me as an implanted pet.”Newitz said she has an RFID chip implanted in her right arm manufactured by VeriChip Corp., a subsidiary of Applied Digital.”Their Web site claims that it cannot be counterfeited — that is something that Jonathan and I have shown to be untrue.”The pair demonstrated the cloning process: Westhues held a standard RFID reader against Newitz’s arm to register the chip’s unique identification number.Next, Westhues used a home-built antenna connected to his laptop to read Newitz’s arm again and record the signal off her implanted chip.Westhues then takes the standard RFID reader and waves it past his laptop’s antenna. The reader beeps, showing Newitz’s until then “unique” ID. “It actually has no security devices what-so-ever,” Newitz said of VeriChip’s claims that its RFID chips can not be counterfeited.VeriChip spokesman John Procter said in a phone interview that he had read about Newitz and Westhues work, but the company had not been able to review the evidence. He had no specific comment regarding their “cloning” project.”We can’t verify what they may or may not have done,” Procter said, adding that: “We haven’t seen any first-hand evidence other than what’s been reported in the media.”"It’s very difficult to steal a VeriChip … it’ s much more secure than anything you’d carry around in your wallet,” he added.

Comments

As an Ex-Hacker myself I have been only waiting for this. Veri-Chip has only convinced themeselves, as Hackers we’d be able to figure out how to copy someones RFID so we could use that to and advantage.

FBI and the other agencys have figured it out by now, your not going to stop a determined hacker. The’ll be able to disguise as others when they get deep enough into it, just by ripping RFID infomation!

Posted by Nipahc | Report as abusive
 

[...] There are supposedly plenty of hams at this weekend’s HOPE (Hackers on Planet Earth) conference at the Hotel Pennsylvania in New York City. In fact, special event station N6H is on the air, operating from the conference. The conference attracts hackers, tweakers, phone phreakers and the curious. For instance, two presenters demonstrated the electronic equivalent of making a copy of an implanted RFID or radio frequency ID chip manufactured by VeriChip Corp., a subsidiary of Applied Digital. This is the first time someone has cloned an human-implanted RFID chip, presenter Jaonathan Newitz said. Their Web site claims that it cannot be counterfeited that is something that Jonathan and I have shown to be untrue, according to his co-presenter Annalee Newitz. Yet another presenter was arrested yesterday by FBI agents, just moments before he was to lead a panel discussion on privacy. The conference wraps up today. [...]

 

[...] The regular news media has been picking up some stories from HOPE6. One was posted about how two people managed to steal and clone a Verichip. More in the Washington Post here and here. Also in the news today was an article touting my favorite summer camp ever, CTY, in Slate. [...]

 

[...] Reuters is reporting that the “secure” RFID chip designed to identify a human has been easily cloned. The chip maker denies being able to verify the results of the demonstration. Why anyone would voluntarily accept an implant like this is beyond my comprehension, secure or not. [...]

 

Procter, you my good sir, is an imbecil.

Posted by Flemming Kold | Report as abusive
 

Rfid has been being hacked for a long time, even at the 5th Hope it was demo’ed just not one of the “implanted” chips, but essentialy they all work on the same principle. I hate to break it to Mr. Procter but Its very difficult to steal a VeriChip it s much more secure than anything youd carry around in your wallet, Id much rather have somone steal my wallet, and I am aware it was stolen.
However if some guy “bumps” into me on the subway, with a specal IC designed specificly to read and steal my id, and replicate it elsewhere, while im none the wiser. I dont think so…

It may be impossible to steal the physical object, but if all somone has to do is get close to you to read it and later go make another one that functions exatly the same way… I really hope this isnt a payment system…

Oh and for those interested that new mastercard tap and go thing works on rfid and can also be duplicated… Request a card without it!!

Posted by Jarrod | Report as abusive
 

I supppose I’d notice the theft of an rfid, since it’d require an incision in my arm or whatever, since I don’t store my wallet inside my skin. Thank God for the security, VeriChip!

Posted by ron | Report as abusive
 

Ok, let me be a sexist pig for just this once. But Annalee is hot. Ok, I like the nerdy types, but holeee, she is really hot and has a PhD to boot.

What was she writing about? RFID, chips…? I can’t remember. But I remember she is !!!HOT!!!.

Posted by tim stevens | Report as abusive
 
 

[...] SOURCE: Reuters  [...]

 

Identity theft: implanted RFID’s “unique ID” cloned…

From “High-tech cloning,” by Nic Fulton, Reuters Newsblog, 22 July © Reuters:

“…at a conference in New York City… two presenters demonstrated the electronic equivalent of making a copy of an implanted RFID or radio frequency ID chip. The poin…

 

Why are we putting microchips in people in the first place???? Security? Give me a break!

Posted by V | Report as abusive
 

[...] Sending in the clones VeriChip more or less mum Contends it’s secureread more | digg story « AMD Throws Out Quad-Core Challenge To Intel [...]

 
 

[...] Annalee Newitz and Jonathan Westhues demonstrated how easy it is to clone an implanted RFID chip at the HOPE number 6 Conference in New York last week. Newitz had a VeriChip RFID chip implanted in her arm and Westhues read the tag’s unique ID with a portable reader hooked up to his laptop, which recorded the ID. It’s easy to program a new tag with that unique ID, effectively cloning the original tag. See this Reuters article for more information. [...]

 

[...] Hackers clone RFID from human [...]

 

[...] 6 – Arphids cloned by haXx0rz – live on stage Does what it says on the tin. ‘No more identity theft’, my arse. (tags: technology surveillance theft identity security VeriChip conference HOPE cloning hacking arphid RFID) [...]

 

[...] High-tech cloning [...]

Posted by » | Report as abusive
 

[...] Ormai si copia di tutto. Cos’è rimasto ancora di inviolato? Durante una dimostrazione a New York, due hacker/ricercatori, Annalee Newitz e Jonathan Westhues, hanno sbeffeggiato la Verichip Corp., dimostrando come sia possibile clonare un chip RFID impiantato nel corpo umano, cosa finora ritenuta impossibile. Con un banale pc e un lettore RFID, sono riusciti a replicare l’ID del chip inserito nel braccio destro di uno dei due (!). Ovviamente un duro colpo per l’azienda. I responsabili di Verichip si sono trincerati dietro un no comment struzzesco, non prima però di aver regalato questa precisazione: Its very difficult to steal a VeriChip it s much more secure than anything youd carry around in your wallet [...]

 

[...] The RFID tag is supposed to identify things uniquely, but now two techies at the HOPE (Hackers on Planet Earth) convention claim to have been able to “clone” one.  What are the potential implications for the future of a system which is supposed to identify things uniquely if it can be copied?  One of the people making the claim is tech writer Annalee Newitz. Read her POV at her blog.  Here, Reuters includes a statement from Verichip, the makers of the RFID tag. [...]

 

[...] High-tech cloning – Reuters Newsblogs [...]

 

[...] This is also common For some time we’ve been following the colorful past of RFID maker VeriChip, a company that promotes implanting RFID chips in humans for identification purposes. As if the stated goal of the company wasn’t disturbing enough, it has a history of lying to regulators and to the public about the nature of its devices, and how they would be used. Now, two researchers, presenting at a hacker conference, have demonstrated that the company’s chips can easily be cloned, essentially allowing an individual to assume another’s identity. Not surprisingly, this stands in contradiction to VeriChip’s claim that their products are impossible to counterfeit. In fact, the researchers claim that the company’s chips have no security mechanism whatsoever. For its part, VeriChip has responded saying it hasn’t reviewed the evidence, and that it’s still easier to steal someone’s ID out of a wallet than it is to gain information from a chip in someone’s arm. That may be true, but when your wallet is stolen, you can realize it quickly and alert the relevant authorities. How do you know when someone’s passed by you with a wireless scanner? If fingerprint identification can be defeated with Play-Doh, and someone can clone your embedded identity chip without you knowing it, there’s something to be said for old-fashioned, disposable ID systems. Clone – one that copies or closely resembles another, as in appearance or function: “filled with business-school clones in gray and blue suits” (Michael M. Thomas). I should add that aOL Search Data Reportedly Released (PC World) PC World – The apparent release of searches made by hundreds of thousands of users is raising privacy concerns. World – the earth with its inhabitants. This is pretty cool experts discuss wireless vulnerability (AP) [...]

 

RFID Blocking Wallets and passport cases avaliable at http://www.difrwear.com

 

[...] This is the first time someone has cloned an human-implanted RFID chip The pair demonstrated the cloning process: Westhues held a standard RFID reader against an arm to register the chip âs unique identification number. It actually has no security devices what-so-ever – VeriChipâs claims that its RFID chips can not be counterfitedread more | digg story [...]

 

[...] Also we can say this For some time we’ve been following the colorful past of RFID maker VeriChip, a company that promotes implanting RFID chips in humans for identification purposes. As if the stated goal of the company wasn’t disturbing enough, it has a history of lying to regulators and to the public about the nature of its devices, and how they would be used. Now, two researchers, presenting at a hacker conference, have demonstrated that the company’s chips can easily be cloned, essentially allowing an individual to assume another’s identity. Not surprisingly, this stands in contradiction to VeriChip’s claim that their products are impossible to counterfeit. In fact, the researchers claim that the company’s chips have no security mechanism whatsoever. For its part, VeriChip has responded saying it hasn’t reviewed the evidence, and that it’s still easier to steal someone’s ID out of a wallet than it is to gain information from a chip in someone’s arm. That may be true, but when your wallet is stolen, you can realize it quickly and alert the relevant authorities. How do you know when someone’s passed by you with a wireless scanner? If fingerprint identification can be defeated with Play-Doh, and someone can clone your embedded identity chip without you knowing it, there’s something to be said for old-fashioned, disposable ID systems. I should add that %keyword% microsoft’s Zune May Not Carry the Day (PC Magazine) PC Magazine – Analysts praise Microsoft’s early moves in the digital music player market, but warn that the company will have to work hard to overtake Apple’s iPod.Did you know that Magazine means a compartment in a camera in which rolls or cartridges of film are held for feeding through the exposure mechanism. Wow… I love this using this sun, Unisys sue South Korea’s Hynix (AP) AP – Sun Microsystems Inc. and Unisys Corp. have filed a U.S. lawsuit against South Korea’s Hynix Semiconductor Inc., apparently seeking damages related to a federal probe into price-fixing of memory chips, Hynix said Tuesday. [...]

 

[...] No comment!  Just read the article: http://blogs.reuters.com/2006/07/22/high -tech-cloning/ New RSS Feeds Coming soon! [...]

 

Its very difficult to steal a VeriChip it s much more secure than anything youd carry around in your wallet,

He should tatoo his social security number on his arm, it would be much more difficult to steal than, uh, his wallet.

 

The apparent release of searches made by hundreds of thousands of users is raising privacy concerns.

 

I do believe that the VeriChip they created was a successful clone regardless of what the VeriChip company claims. I find it quite ironic that society takes large steps with the advancements of technology and security, but with those discoveries comes advancements with the hackers technology and able to get into other’s personal security and privacy. While technology is one step ahead trying to secure, the hackers and the rest of people trying to use technology to their personal benefit is only a few baby steps behind.

Posted by eden | Report as abusive
 

I would hate to have any thigs I buy just be cloned like this.

 

Concerning VeriChip: MonDex. Revelation 13. It must be “In The Name Of World Security.” Apparently, the greatest crime one can commit, is to withhold one’s financial data from the Feds. And it is specifically mentioned in Revelation 13, that no-one shall be allowed to BUY OR SELL without the Mark of the Beast. And, contrary to popular Bible translations, the original actually mentions that the Mark shall be carried IN the RIGHT HAND or the FOREHEAD. As far as could be found, MonDex and Verichip found these two places to be the best spots in the body to put the bugs. I guess now it is “Give me Liberty or Verichip me…”

Posted by Jacob | Report as abusive
 

[...] Nightclubbing: Barcelona’s exclusive VIP Baja Beach Club embeds RFID chips into their patrons’ arms for admittance and to use as a debit account from which they can pay for drinks. Will this trend catch on in the states? Would Andy Warhol do it if he were still alive? Probably, and most likely. But, beware…Reuters reported last year that two hackers, Newitz and Westhues, showed that they could clone the RFID signal from a human implanted RFID chip. [...]

 

[...] around. The opinions about this subject are greatly divided.  (need to know more about these chips http://blogs.reuters.com/2006/07/22/high -tech-cloning/ )  Recently Rihanna made a song about driving. I thought this song would fit nicely into my [...]

 

O.K. lets go one level deeper. If these chips are able to hold our medical records and bank accounts, how is that info to be accessed?
Simply getting a multi digit code to read out does not mean that anyone has penetrated the interior of the chip memory. I’m not convinced that a wall has been breached if indeed it does exist. I want to buy one of these readers and see for myself.

 

[...] “doing RFID using 13.56 and UHF” I assume you are aware they are suceptable to any number of problems. Any sort of man-in-the-middle security breach would allow anyone to leech any information being [...]

 

[…] fracaso del VeriChip fue precisamente la seguridad. En 2006, Annalee Newitz y Jonathan Westhues clonaron la información del VeriChip alojado en Newitz, robando la clave ID a través de un lector. Westhues explicó en su página web el proceso para […]

 

[…] fracaso del VeriChip fue precisamente la seguridad. En 2006, Annalee Newitz y Jonathan Westhues clonaron la información del VeriChip alojado en Newitz, robando la clave ID a través de un lector. Westhues explicó en su página web el proceso para […]

 

[…] fracaso del VeriChip fue precisamente la seguridad. En 2006, Annalee Newitz y Jonathan Westhues clonaron la información del VeriChip alojado en Newitz, robando la clave ID a través de un lector. Westhues explicó en su página web el proceso para […]

 

Post Your Comment

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/