Jonathan Westhues
Encyclopedia
Jonathan Westhues is a software, electronics, and security researcher known for his work exposing the security vulnerabilities of the VeriChip
VeriChip
VeriChip was the only Food and Drug Administration -approved human-implantable radio-frequency identification microchip. It was marketed by PositiveID, a subsidiary of Applied Digital Solutions, and it received United States FDA approval in 2004. Its manufacture and marketing were discontinued in...

 microchip implant
Microchip implant
Microchip implant can refer to:* Microchip implant * Microchip implant...

 and the proximity card
Proximity card
Proximity card is a generic name for contactless integrated circuit devices used for security access or payment systems. The standard can refer to the older 125 kHz devices or the newer 13.56 MHz contactless RFID cards, most commonly known as contactless smartcards.Modern proximity cards...

 (RFID-based building access systems). Weshues has demonstrated his ability to hack the VeriChip
VeriChip
VeriChip was the only Food and Drug Administration -approved human-implantable radio-frequency identification microchip. It was marketed by PositiveID, a subsidiary of Applied Digital Solutions, and it received United States FDA approval in 2004. Its manufacture and marketing were discontinued in...

 and building access cards to numerous media outlets, including NewsHour with Jim Lehrer
Jim Lehrer
James Charles "Jim" Lehrer is an American journalist and the executive editor and former news anchor for PBS NewsHour on PBS, known for his role as a frequent debate moderator during elections...

.

VeriChip Research

Westhues has developed a battery-powered, hand-held device capable of reading and cloning the information contained on a VeriChip
VeriChip
VeriChip was the only Food and Drug Administration -approved human-implantable radio-frequency identification microchip. It was marketed by PositiveID, a subsidiary of Applied Digital Solutions, and it received United States FDA approval in 2004. Its manufacture and marketing were discontinued in...

 microchip implant
Microchip implant (human)
A human microchip implant is an integrated circuit device or RFID transponder encased in silicate glass and implanted in the body of a human being...

. The cloning process can be accomplished in a matter of seconds, simply by standing near a person with an implant and pressing a button on the device. Westhues' work raises questions about the use of VeriChip implants for building access or security purposes, as well as concerns over identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...

, stalking
Stalking
Stalking is a term commonly used to refer to unwanted and obsessive attention by an individual or group to another person. Stalking behaviors are related to harassment and intimidation and may include following the victim in person and/or monitoring them via the internet...

, and privacy invasion.

In 2006, Westhues read the VeriChip microchip implanted in the arm of journalist Annalee Newitz
Annalee Newitz
Annalee Newitz is an American journalist who covers the cultural impact of science and technology. She received a PhD in English and American Studies from UC Berkeley, and in 1997 published the widely cited book, White Trash: Race and Class in America. From 2004–2005 she was a policy analyst...

 at the HOPE hacker conference. (Audio of the presentation is available on the HOPE Number 6 website: MP3|Streaming Audio). Newitz' article about the incident appeared in the May 2006 issue of Wired
Wired (magazine)
Wired is a full-color monthly American magazine and on-line periodical, published since January 1993, that reports on how new and developing technology affects culture, the economy, and politics...

magazine.

Prox Card and Identity Card Research

Westhues has also pointed out vulnerabilities in widely-used RFID proximity cards, showing that they can be queried and cloned. In 2006, Westhues was hired by California
California
California is a state located on the West Coast of the United States. It is by far the most populous U.S. state, and the third-largest by land area...

 State Senator Joe Simitian
Joe Simitian
Saren Joseph Simitian is a Democratic California State Senator elected in 2004. Simitian represents the 11th Senate District, which encompasses all or part of 13 cities in San Mateo, Santa Clara, and Santa Cruz counties....

 to illustrate the ease with which state lawmakers' RFID-based ID cards could be read and cloned. He successfully read and cloned the ID card of California State Assembly
California State Assembly
The California State Assembly is the lower house of the California State Legislature. There are 80 members in the Assembly, representing an approximately equal number of constituents, with each district having a population of at least 420,000...

 member Fran Pavley
Fran Pavley
Frances J. "Fran" Pavley is a Democratic politician who currently represents Senate District 23, including portions of Los Angeles and Ventura Counties in the California Legislature. She previously served as a California Assemblywoman and as the first mayor of the Southern California community of...

, who remarked, "All that was done within a moment's notice of time without me even being aware of it." An ABC news clip about the incident can be viewed here.

In March 2008, the Digital Security research group of the Radboud University Nijmegen
Radboud University Nijmegen
Radboud University Nijmegen is a public university with a strong focus on research in Nijmegen, the Netherlands...

 announced that it had cloned and manipulated the contents of a MIFARE
MIFARE
MIFARE is the NXP Semiconductors-owned trademark of a series of chips widely used in contactless smart cards and proximity cards. According to the producers, billions of smart card chips and many millions of reader modules have been sold...

 Classic card using schematics and software created by Jonathan Westhues and released under the free GNU General Public License
GNU General Public License
The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project....

. The MIFARE Classic card is used for electronic wallet, access control, corporate ID cards, transportation or stadium ticketing.

Book Chapter

  • ed. Garfinkel. RFID: Applications, Security, and Privacy. Addison-Wesley Professional, 2005.

(Chapter 19, describing several attacks on proximity cards)

Articles and papers

  • with Halamka et al. "The Security Implications of VeriChip Cloning." Journal of the American Medical Informatics Association, August 2006
  • with Raskar et al. LumiNetra: "High Speed Scene Point Capture and Video Enhancement using Photosensing Markers and Multiplexed Illumination." SIGGRAPH 2007.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK