Re: VeriChip hack? (Sorry if this posts twice)

[Hugo Fortier <hfortier () recon cx>]

On 26-Jul-06, at 6:39 PM, Michael Krymson wrote:

> A commenter on a news link I read today said that the presenters only
> demonstrated grabbing the unique ID off the RFID. Unfortunately, the
> rest of the data is supposedly more encrypted and it is not a  
> concern to
> leak the unique ID itself. I cannot attest to this firsthand, but
> perhaps someone here can.

Only the unique ID is stored on the RFID, the rest of the data is  
stored in a Database.

The presentation was about the fact that the Verichip compagny that  
implant RFID on Human are using a system that have no security at all  
(even if they say it's secure).

The demo Jonathan did was a demo about the Reader/Spoofer device he  
made,  he has basicly read Annalle implanted RFID and spoofed it back  
to the Verichip reader.

Here is a quote from Verichip website:

"With VeriChip's patented, FDA-cleared, human-implantable RFID  
microchip technology, access control has achieved a new level of  
protection never offered before. Now, organizations can protect  
entire buildings, floors, or designated areas with the highest level  
of security available today, and easily incorporate this into  
existing building control systems. Additionally, staff, visitors, and  
even assets can be tracked within the facility in real-time."

Ok now If I told you that Highest level of security available today  
is the same technologie that is used to tag Pets?
Personally If I was implanting myself with a chip with the intention  
to open my door or use it as a credit card, I would't want to hear I  
got to change my chip every year for security update... Apparently  
the removal can be a mess...

If you want to check more about RFID and Verichip:
Annalee Newtiz Wired article: http://www.wired.com/wired/archive/ 
14.05/rfid_pr.html
Jonathan Westhues website:  http://cq.cx/prox.pl
Last year recon presentation / video about RFID Proximity Cards   
http://2005.recon.cx/recon2005/papers/Jonathan_Westhues/

Hugo


> Either way, there are three truths to this new technology:
> - It will happen. That's just the way technology is...not everything
> gets turned away like e-voting (sort of)
> - It will be insecure and will cause problems...but then again, do  
> fake
> IDs, passports, etc.
> - It will be the next big thing since virtualization steam-rolled into
> the industry
>
>
>
> Nick Selby wrote:
> > Anyone see the demo on the verichip hack at hope? Anyone have any
> > opinion on
> > the demo, like, was it successful :) ? Apologies again if this posts
> > twice.
> >
> > --------------------------------------------------------------------- 
> > ---
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunitysec com
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave