Monday, March 26, 2007

Human Implant RFID Gets Pwned at Shmoocon

Via InfoWorld.com -

Radio frequency identification tags have taken another hit from the security community and Adam Laurie -- an independent security researcher based in the U.K. -- can claim another first.

After setting off a torrent of worldwide media coverage by hacking the U.K.'s new RFID-enabled passports in a project sponsored by and first detailed by the Daily Mail newspaper earlier his month, Laurie used his presentation at the ongoing ShmooCon confab to show off techniques for hacking other RFID tags -- including one implanted inside a live human being.

After cracking the codes for a common RFID identification card and an RFID tag that would be found inside livestock, Laurie called up a volunteer from the audience who had a chip injected under their skin -- and who used the device among other things to unlock his laptop PC.

After a few minutes of wrangling with his RFID cloning device -- the same type of homemade utensil that researchers were planning to show off at the Black Hat DC conference earlier this month before ID card maker HID sufficiently intimidated researchers from IOActive against demonstrating their cloning reader -- Laurie opened the chip-wearing individual's laptop (and displayed his internal pass key to the entire audience, he better hope he can reset it).

In addition to proving further just how easily RFID tags can be hacked, Laurie effectively illustrated evidence of the type of dangers privacy advocates have cited in battling efforts to plant chips in humans (such as in the case of a Calif. School district that wanted to pin RFIDs on all its students).

If someone can hack the data on such chips, he said, it's logical to believe that someone wearing one could be tracked using the same information.

No comments:

Post a Comment