Tag Implants May Be Dangerous for Security Apps, Says Group
Because VeriChip's tag is easily copied, a technologist group claims it is a poor choice for authenticating the bearer's identity. But VeriChip says its tags should be combined with other authenticators.
Aug 22, 2006—An implantable passive RFID tag made by the VeriChip Corp. can be cloned and is, therefore, not an appropriate device for use in building access control, says an article in an upcoming issue of the Journal for American Medical Informatics Association (JAMIA). VeriChip's tag, approved by the Food and Drug Administration (FDA) for human implantation, consists of a low-frequency inlay enclosed in a rice-sized glass capsule. VeriChip sells it for two different applications: VeriMed, which uses the tag to identify patients and access their medical records in the event of an emergency, and VeriGuard, which utilizes the tags to identify people for the purposes of granting or denying access to buildings and offices.
"I'd suspected for some time that the VeriChip was susceptible to cloning attacks," says Ari Juels, manager and principal research scientist for RSA Laboratories, a provider of digital security products. His suspicions were confirmed early this year after he met with a computer scientist, Jonathan Westhues, who, weeks earlier, had cloned the VeriChip tag implanted in the arm of technology journalist Annalee Newitz. Juels and Westhues are two of the JAMIA article's four authors, along with John Halamka, CIO of Beth Israel Deaconess Medical Center, which offers the VeriMed system, and Adam Stubblefield, a Johns Hopkins University faculty member studying RFID security. Halamka also has the VeriChip implant and is a subscriber to the VeriMed system.
In the paper, the authors posit that VeriChip tags "should serve exclusively for identification, and not authentication or access control" because the ease with which the tags can be cloned leaves any security system built on the VeriChip IDs highly vulnerable to attacks.
VeriChip says its implantable tag uses an ISO air-interface protocol, though the company could not supply RFID Journal the specific ISO standard it follows.
Westhues' cloner device can also act as an RFID interrogator—but not one sophisticated enough to clone (or "spoof") tags protected through encryption or a challenge-response protocol requiring the interrogator to send a password before the tag responds with its data. Nonetheless, Juels says, it is small and effective enough that a nefarious party could conceivably use it to read a tag embedded in the arm of a subway rider. If that VeriChip customer had the implant purely to be identified in a medical database in the case of an emergency, reading and cloning the VeriChip's ID would not provide any benefit to the attacker—unless that attacker had an interest in accessing the rider's medical history and the ability to access the secure VeriMed database.
Login and post your comment!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!
SEND IT YOUR WAY
RFID JOURNAL EVENTS
ASK THE EXPERTS
Simply enter a question for our experts.