More Hackers at work:

VeriChip RFID Implant Hacked!

From Katherine Albrecht and Liz McIntyre
Spychips.com
1-28-6

Will Security Problems Quash IPO Plans for Controversial Company?

The VeriChip can be hacked! This revelation along with other worrisome details
could put a crimp in VeriChip Corporation's planned initial public offering
(IPO) of its common stock, say Katherine Albrecht and Liz McIntyre.

The anti-RFID activists and authors of "Spychips: How Major Corporations and
Government Plan to Track Your Every Move with RFID" make no bones about their
objection to VeriChip's plans to inject glass encapsulated RFID tags into
people. But now they've discovered information that could call VeriChip's entire
business model into question.

"If you look at the VeriChip purely from the business angle, it's a ridiculously
flawed product," says McIntyre. She notes that security researcher Jonathan
Westhues has shown how easy it is to clone a VeriChip implanted in a person's
arm and program a new chip with the same number.

Westhues, known for his prior work cloning RFID-based proximity cards, has
posted his VeriChip cloning demo online at http://cq.cx/verichip.pl.

The VeriChip "is not good for anything," says Westhues, has absolutely no
security and "solves a number of different non-problems badly."

The chip's security issues may spell trouble for those who have had one of the
microchips embedded in their flesh. These include eighteen employees in the
Mexican Attorney General's office who use an implanted chip to enter a sensitive
records room, and a handful bar patrons in Europe who use the injected chips to
pay for drinks. "What are these people going to do now that their chips can be
cloned?" says McIntyre. "Wear tinfoil shirts or keep everyone at arm's length?"

Albrecht quips, "A man with a chip in his arm may soon find himself wondering
whether that cute gal on the next bar stool likes his smile or wants to clone
his VeriChip. It gives new meaning to the burning question, 'Does she want my
number?'"

But the VeriChip's problems don't stop there, says McInytre, who is also a
former bank examiner and financial writer. She has carefully analyzed the
company's SEC registration statement and associated chipping information and
discovered serious flaws. It turns out the company's own literature indicates
that chipped patients cannot undergo an MRI if they're unconscious. What's more,
the company admits that critical medical information linked to the chip could be
unavailable in a real emergency. "These issues call VeriChip's promotional
campaigns and business plan into question," McIntyre says.

The instructions provided to medical personnel warn that chipped patients should
not undergo an MRI unless they are fully alert and able to communicate any
"unusual sensations or problems," like movement or heating of the implant. This
conflicts with company's efforts to promote people who cannot speak for
themselves, such as Alzheimer's patients, those with dementia, the mentally
disabled, and people concerned about entering an emergency room unconscious.

"The irony is that implantees will have to wear a Medic Alert bracelet or bear
some obvious marking so they aren't mistakenly put in an MRI machine," Albrecht
says.

Chipped patients might also have to wear a Medic Alert bracelet as a back-up in
case the VeriChip database containing their critical medical information is
unavailable. The fine print on the back of the VeriChip Patient Registration
Form warns implantees that "the Company does not warrant...that the website will
be available at any particular time," and physicians are told the product might
not function in places where there are ambient radio transmissions--like
ambulances. In addition, patients are required to waive any claims related to
the product's "merchantability and fitness." The waiver paragraph as it appears
on the form is reprinted below:

"Patient...is fully aware of any risks, complications, risks of loss, damage of
any nature, and injury that may be associated with this registration. Patient
waives all claims and releases any liability arising from this registration and
acknowledges that no warranties of any kind have been made or will be made with
respect to this registration. ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED,
HOWEVER ARISING, WHETHER BY OPERATION OF LAW OR OTHERWISE, INCLUDING BUT NOT
LIMITED TO ANY IMPLIED WARRANTIES OF MECHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE EXCLUDED AND WAIVED. IN NO EVENT SHALL THE COMPANY BE LIABLE TO
PATIENT FOR ANY INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING LOST
INCOME OR SAVINGS) ARISING FROM ANY CAUSE WHATSOEVER, EVEN IF ADVISED OF THEIR
POSSIBILITY, REGARDLESS OF WHETHER SUCH DAMAGES ARE SOUGHT BASED ON BREACH OF
CONTRACT, NEGLIGENCE, OR ANY OTHER LEGAL THEORY." [Emphasis in the original.]

"For a life or death medical device, that's unbelievable," says McIntyre. "I
wouldn't buy toilet paper that required that kind of a disclaimer, never mind a
product that's supposed to serve as a lifeline in an emergency."

McIntyre contacted the VeriChip Corporation for comments on these issues and was
initially promised a response. When the company failed to get to get back to
her, McIntyre followed up and was told that the employee had been instructed not
to answer her questions. The unanswered questions, along with photos of the
VeriChip and associated literature, are available at
www.spychips.com/verichip/unanswered-questions.html.

========================

ABOUT THE BOOK

"Spychips: How Major Corporations and Government Plan to Track your Every Move
with RFID" was released in October 2005. Already in its fifth printing,
"Spychips" is the winner of the Lysander Spooner Award for Advancing the
Literature of Liberty and has received wide critical acclaim. Authored by
Harvard doctoral researcher Katherine Albrecht and former bank examiner Liz
McIntyre, the book is meticulously researched, drawing on patent documents,
corporate source materials, conference proceedings, and firsthand interviews to
paint a compelling -- and frightening -- picture of the threat posed by RFID.

Despite its hundreds of footnotes and academic-level accuracy, the book remains
lively and readable according to critics, who have called it a "techno-thriller"
and "a masterpiece of technocriticism."

===============

CASPIAN: Consumers Against Supermarket Privacy Invasion and Numbering
Opposing retail surveillance schemes since 1999.

http://www.spychips.com/
http://www.nocards.org/

Lord Cerne Abbas

To rebel is right, to disobey is a duty, to act is necessary !

http://www.veloceraptor.free-online.co.uk/identity.html

http://www.veloceraptor.free-online.co.uk/mylinks.html

http://lordcerneabbas.blogspot.com/