Jonathan Westhues
Jonathan Westhues is a software, electronics, and security researcher known for his work exposing the security vulnerabilities of the VeriChip microchip implant and the proximity card (RFID-based building access systems). Weshues has demonstrated his ability to hack the VeriChip and building access cards to numerous media outlets, including NewsHour with Jim Lehrer.[1]
VeriChip Research
Westhues has developed a battery-powered, hand-held device capable of reading and cloning the information contained on a VeriChip microchip implant.[2] The cloning process can be accomplished in a matter of seconds, simply by standing near a person with an implant and pressing a button on the device. Westhues' work raises questions about the use of VeriChip implants for building access or security purposes, as well as concerns over identity theft, stalking, and privacy invasion.
In 2006, Westhues read the VeriChip microchip implanted in the arm of journalist Annalee Newitz at the HOPE hacker conference. (Audio of the presentation is available on the HOPE Number 6 website: MP3|Streaming Audio). Newitz' article about the incident appeared in the May 2006 issue of Wired magazine.[3]
Prox Card and Identity Card Research
Westhues has also pointed out vulnerabilities in widely used RFID proximity cards, showing that they can be queried and cloned.[4] In 2006, Westhues was hired by California State Senator Joe Simitian to illustrate the ease with which state lawmakers' RFID-based ID cards could be read and cloned. He successfully read and cloned the ID card of California State Assembly member Fran Pavley, who remarked, "All that was done within a moment's notice of time without me even being aware of it." [5] An ABC news clip about the incident can be viewed here.
In March 2008, the Digital Security research group of the Radboud University Nijmegen announced that it had cloned and manipulated the contents of a MIFARE Classic card using schematics and software created by Jonathan Westhues and released under the free GNU General Public License.[6] The MIFARE Classic card is used for electronic wallet, access control, corporate ID cards, transportation or stadium ticketing.
See also
Publications
Book Chapter
- ed. Garfinkel. RFID: Applications, Security, and Privacy. Addison-Wesley Professional, 2005.
(Chapter 19, describing several attacks on proximity cards)
Articles and papers
- with Halamka et al. "The Security Implications of VeriChip Cloning." Journal of the American Medical Informatics Association, August 2006
- with Raskar et al. LumiNetra: "High Speed Scene Point Capture and Video Enhancement using Photosensing Markers and Multiplexed Illumination." SIGGRAPH 2007.
References
- NewsHour with Jim Lehrer, "New Identification Technology Raises Concerns over Privacy." PBS, August 17, 2006.
- Westhues, Jonathan. "Demo: Cloning a VeriChip." Demo: Cloning a VeriChip.
- Newitz, Annalee. Wired. May 2006. "The RFID Hacking Underground.".
- Westhues, Jonathan. "Proximity Cards." Proximity Cards
- KGO-TV ABC News Channel 7, "Badges Under Scrutiny At Capitol", June 22, 2006. (Accessed November 25, 2009.)
- Digital Security Group (2008-03-12). "Security Flaw in Mifare Classic". Radboud University Nijmegen.