Security issues of VeriChip
ing. Zhang Biyong
Kerckhoffs Institute &
Dept. of Mathematics and Computer Science
Technical University of Eindhoven
15th June 2008
Abstract. VeriChip is the first Food and Drug Administration (FDA)-approved human-
implantable radio-frequency identification (RFID) microchip. It is proposed for
identification of medical patients, physical access control, contactless retail payment, and
protection against infant abduction.
VeriChip is marketed by VeriChip Corporation, whose website alleges that the VeriChip
can’t be lost, stolen, misplaced, or counterfeited. In fact, the VeriChip cannot withstand
even a simple cloning attack. An attacker who is able to scan a VeriChip, eavesdrop on its
signal, or directly learn its serial number can simply build a clone that the VeriChip
reader cannot distinguish from the original. The major focus of this paper is to explore and
discuss the possibility of VeriChip cloning, both in theory and in practice.
Keywords: RFID, privacy, security, VeriChip, cloning, tracking, identification,
1 Introduction
As a human-implantable RFID microchip, the VeriChip owes its great potential for expansion
to several current trends. About fifty million house pets around the world already bear
implanted wireless microchips similar in form and function to the VeriChip, and people
identify lost animals with the help of these chips. In private facilities, the VeriChip can
enhance physical access control, as it permits automated identification of individuals and
tracking of their movements in buildings. For personal safety, a Mexican distributor
announced plans a few years ago to create an anti-kidnapping system for children using the
VeriChip. The VeriChip may also be used as a payment device, and could even become a
replacement for credit cards. These products are marketed as VeriPay. Besides these, we
believe VeriChip may have broader applications in daily life, such as anti-theft systems
for automobiles, military supply chains and so on.
However, with the spread of VeriChip come disputes and problems. The first concern is
privacy: people are afraid that personal information will leak once a VeriChip is
implanted, since a VeriChip bearer can be tracked in certain situations. People also ask
whether the data kept in the VeriChip is secret. This raises another concern, security,
which is different from the privacy issue but more serious here. Unfortunately, the answer
is no. In this paper, we explain a straightforward cloning attack against VeriChip. We
argue that VeriChip may be used as an identification tool rather than an authentication
tool. For authentication purposes, as a proof of identity, VeriChip is inappropriate and
dangerous.
This paper is structured in 6 sections. Besides section 1, the introduction, section 2
gives a general overview of the application of RFIDs in healthcare. Section 3 explains the
background of VeriChip to give readers a deeper understanding of it. Section 4 discusses
the privacy and security of VeriChip. Section 5 covers VeriChip cloning technology and the
relevant studies. The conclusions and further work come at the end, in section 6.
2 RFIDs in Healthcare
RFID is an enabling technology that saves lives, prevents errors, saves costs and
increases security. The deployment of RFID in the healthcare and pharmaceuticals
area is considered to be increasing rapidly. Healthcare RFIDs can bring benefits such as
patient identification, equipment tracking, making newborns more secure and reducing drug
and blood administration errors. Opportunities can also be seen in the following sectors:
- Medical disposables and other items
- Pallets and cases
- Conveyances, vehicles, assets
- Real Time Locating Systems (RTLS)
- Sensor based applications
According to their power source, RFID tags can be divided into two classes: passive tags
and active tags.
2.1 Passive RFID tag
A passive tag does not contain a battery; its power is supplied by the reader. When
radio waves from the reader are encountered by a passive RFID tag, the coiled antenna
within the tag forms a magnetic field. The tag draws power from it, energizing the
circuits in the tag. The tag then sends the information encoded in the tag's memory.
The advantages of a passive tag are:
- The life-span of the tag can be longer than 20 years since the tag doesn’t have
- The cost of manufacture is typically lower.
- The tag is much smaller, and can even be made as small as a grain of rice.
The disadvantages of a passive tag are:
- The tag can only be read within a limited distance from the reader.
- It may not be possible to include sensors that can use electricity for power.
- The tag remains readable for a very long time, even after the product to which the
tag is attached has been sold and is no longer being tracked.
VeriChip is a leading example of passive RFID applied to healthcare. Compared with
printed barcodes, passive tags have significant advantages, although both are battery-less.
Unlike barcodes, RFID tags do not require line-of-sight reading. Hence an RFID reader can
read the tags of sleeping patients or of swaddled babies in intensive care units without
repositioning their bodies. Moreover, RFID tags are better suited than barcodes to a
variety of environmental conditions, as they are resistant to moisture, crushing, and
tearing. The drawback of RFID tags is their cost. The makeup of an RFID transponder is
more complicated than a set of printed lines (or bars) as with barcodes: it consists of at
least an antenna, a capacitor and a smart chip, so it is not hard to understand why it is
more expensive. Much thought has gone into reducing the cost in order to gain a competitive
advantage, but material, labor and manufacturing costs can only be driven down to a certain
extent. The price of RFID equipment and tags is a substantial jump, but as the old saying
goes, “you pay for what you get”. By the same token, while RFID cannot compete with
barcodes on price, it offers benefits that barcodes can never offer.
2.2 Active RFID tag
An active tag is equipped with a battery that can be used as a partial or complete source
of power for the tag's circuitry and antenna. Some active tags contain replaceable batteries
for years of use; others are sealed units. (Note that it is also possible to connect the
tag to an external power source.)
The advantages of an active tag are:
- It can be read at a distance of even more than one hundred feet away from the reader.
- It may have other sensors that can use electricity for power.
The disadvantages of an active tag are:
- The life-span of the tag is limited since it cannot function without battery power.
- The cost is more expensive, not only for manufacture but also for the long-term
- The tag is physically larger, which may limit applications.
- Battery outages in an active tag can result in expensive misreads.
2.3 Application of RFIDs in healthcare
Currently the application of RFIDs to humans is still limited. Beth Israel Deaconess
Medical Center is a Harvard teaching hospital located in Boston, and two applications are
running with passive RFID tags there right now. The Beth Israel Deaconess Emergency
Department is outfitted with passive RFID scanners to read implanted chips. When a confused
or unconscious patient with an implanted RFID arrives, a medical record identifier can be
obtained by scanning the implanted RFID. This identifier is then used to retrieve the
patient’s medical history, which is stored in the hospital’s database. The RFID only plays
the role of identification in this case; authentication is not necessary, because the
medical record always contains the patient’s basic information such as gender, age and
race, which can be used for a quick check. Furthermore, the social and medical history
contained in the record may also help to confirm the patient’s identity.
In another unit of Beth Israel Deaconess Medical Center, the Beth Israel Deaconess
Neonatal Intensive Care Unit (NICU), babies are outfitted with RFID wristbands. Nurses may
scan a baby’s RFID wristband to identify his mother’s milk, which is stored in NICU
refrigerators. Additionally, RFID scanners are embedded in door frames to detect babies
passing in and out of the NICU. Here, too, RFID does not have the function of
authentication.
Passive RFID, especially implanted RFID, has already shown its potential for use in the
healthcare field.
Automated registration: Patients could be easily registered by scanning their RFID tags,
and related information such as demographics, insurance and medical history could then be
retrieved by clinicians in a short time. This saves the time normally spent filling in a
clipboard form.
Patient safety: Many hospitals use a system of stickers with blood tests and medications.
When some patients’ names are similar or even exactly the same, confusion may arise. If
each patient is scanned as a blood sample is drawn, the sample can be tagged with
accurate patient identifiers. Similarly, scanning patients prior to the delivery of
medications can eliminate errors of identification.
Patient tracking: Door-frame scanners or hand-held devices could be used to scan the
patients who are moving in the hospital. Patient location information would empower
Besides passive RFID tags, active RFID tags are also valuable in the healthcare field.
They can be used to track medical personnel and equipment such as patient beds. Beth Israel
Deaconess is currently using active tags to track equipment such as ventilators, IV pumps
and EKG devices in the emergency department. The search times for such tracked
devices have dropped to nearly zero.
3 Background of VeriChip
VeriChip products are commercial products of VeriChip Corporation that use RFID tag
technologies. Beyond just passive and active tags, they include implantable, wearable and
attachable form factors. Each form factor is associated with different tag technologies
and solutions. Implantable VeriChip products use the implantable, passive microchip in
their solutions for the purpose of automatic identification. Wearable VeriChip products
refer to VeriChip Corporation’s selection of active RFID tags that can be worn by an
individual (usually on the wrist or leg). Attachable VeriChip products refer to VeriChip
Corporation’s selection of active and passive RFID tags, such as the Asset Tag affixed to
items.
The name VeriChip, also written VeriChip™, is used especially for Implantable VeriChip
products. In this paper, VeriChip means the human-implantable RFID microchip developed by
VeriChip Corporation. It is about twice the size of a grain of rice, and the device is
typically implanted above the triceps area of an individual’s right arm. Once inserted
under the skin, via a quick, painless outpatient procedure, the VeriChip is invisible to
the naked eye.
Figure 1: VeriChip
As a passive RFID tag, VeriChip operates at 134 kHz. When the tag is excited by a
sufficiently strong magnetic field at that frequency, the circuitry on the chip powers up
and responds with a unique 16-digit identifier over the air. The communication is one-way,
from tag to reader, which means the tag does not get any feedback from the reader.
Therefore the tag continuously transmits its identifier until it is powered off.
As mentioned above, the microchip contains a 16-digit ID which means 128 bits.
Theoretically there could be 2^128 unique VeriChips existing in this world; in practice,
however, the number is probably lower. First, because the ID is “looped,” the reader
knows the tag’s ID only up to a cyclic shift: there is no designated first or last bit in
the bit stream that the VeriChip emits. It is thus necessary to assign some bits as a
synchronization marker or to resolve this ambiguity through some other coding method.
Second, it is likely that some of the bits in the VeriChip emission represent a checksum
or some other error-detecting or error-correcting code.
4 Privacy and Security
With the birth of VeriChip, the dispute regarding privacy and security came into public
view. The dispute focuses on two points. One is the safety of the information stored
within the VeriChip and the other is the tracking function of the VeriChip.
Privacy advocates treat RFID devices like VeriChip as spy-chips and worry about potential
abuse of such devices. Once governments use these devices, the concern is tracking of
citizens and a further move towards a police state. Furthermore, the information stored in
the VeriChip cannot be guaranteed against theft. Although the VeriChip contains nothing
more than a unique 16-digit identifier, this 16-digit identifier might be used to link the
person to his private information stored in a database. Even if the database is password
protected, the risk is always there to lead personal
Anyone who holds a VeriChip reader can directly read the information in a VeriChip, since
the data is unencrypted and the chip has no functionality to authorize only certain people
to read it. Being a passive RFID microchip containing only a unique 16-digit identifier,
it can be read by a VeriChip reader held close to the location of the inserted chip. The
VeriChip’s small size is its biggest security feature. The antenna inside the VeriChip is
very small and therefore inefficient. Consequently, the read range is rather limited. Only
a powerful carrier can excite the tag, and the information-bearing signal that the tag
returns is weak.
Currently only health-related information is stored in the database associated with the
device, without any financial information or social security number. The information
itself is controlled and directed by the subscriber. Precisely because it is technically
possible to extract the information on a VeriChip, the chip contains only a nondescript
16-digit number. Those who possess a secure logon at participating medical facilities may
access the associated personal health record of a subscriber with his 16-digit identifier.
Of course, a record is made every time anybody logs on and accesses a subscriber's record.
5 VeriChip Cloning
An implanted VeriChip was cloned in 2006 as a demonstration by Jonathan Westhues.
In the literature, cloning experiments on VeriChip are described in detail. For those
experiments the “proxmarkii” generalized RFID tag reader/cloner was used. Proxmarkii
can be used to replay stored VeriChip IDs to readers.
Proxmarkii is an RFID reading and simulation device developed by Westhues,
who used an earlier version to demonstrate cloning attacks against proximity
cards [9, 10]. It is especially designed for research purposes and could handle a
large variety of formats for the signal over the air. It is also capable of simulating
any kind of low-frequency RFID tag [5, 9].
Westhues and his colleagues essentially used reverse engineering to carry out these
experiments. Once a VeriChip is activated, it continuously and repeatedly sends out its ID
as a periodic signal until the external power is removed. The period of the returned
signal can be determined by doing a quick autocorrelation. For signal processing, the
trace can be saved and processed in the proxmarkii software, or alternatively in MATLAB.
Figure 2 shows that the period is 2048 samples (which, sampling every other carrier clock,
is 4096 carrier clocks).
Figure 2: VeriChip signal processing trace (autocorrelation)
Autocorrelation is a mathematical tool for finding repeating patterns, such as the
presence of a periodic signal which has been buried under noise, or identifying the
missing fundamental frequency in a signal implied by its harmonic frequencies. It
is used frequently in signal processing for analyzing functions or series of values,
such as time domain signals. Informally, it is the similarity between observations
as a function of the time separation between them. More precisely, it is the cross-
correlation of a signal with itself.
By looking at the graph of the signal received from the tag (see figure 3), one can
determine that each bit is emitted over an interval of 32 clock cycles.
Figure 3: VeriChip doing demod
So it is not hard to conclude that
length of the ID = 4096/32 = 128 bits
Jonathan Westhues guesses that the ID is transmitted using Manchester-coded
Amplitude-Shift Keying (ASK); anything else would be unusual. It would also be possible to
recover the mapping between the tag’s ID and the signal sent over the air if more time
were spent. However, this is not necessary in these experiments.
Two un-implanted VeriChip tags and one implanted tag were studied. Only 32 bits of the
total 128-bit transmitted value differ between tags. These 32 bits are separated into
two 16-bit sections surrounded by bit patterns that most probably synchronize the reader.
It is possible that some of the other bits in the signal also transmit ID data, but the
128-bit tag IDs observed contain mostly 0’s. Because the samples are quite limited, an
accurate conclusion cannot be drawn, but it is likely that some bits are a checksum.
In fact, a VeriChip tag always transmits the same signal, so cloning a VeriChip is just a
matter of determining the signal and building a device that mimics that signal. It is not
necessary to know the details of the structure of the tag’s ID. If the specifications
for the VeriChip were known, then it would be possible to perform the “read” portion of
the cloning using a commercial off-the-shelf reader. People could then take the ID that
the reader provides, and map it back on to a signal over the air, according to the
Another issue is the starting point of the signal in time. When cloning a tag, it is
arbitrary which point in the signal is designated as t = 0. The ID just loops, so the
signal over the air is unaffected.
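The period measurement, the 4096/32 frame-length calculation and the arbitrary choice of t = 0 described above can be reproduced on a synthetic trace. This is an added example, not code from the paper or from the proxmarkii project: the frame, noise level, capture offsets and function names are constructed, and Manchester coding is assumed as in Westhues's guess.

```python
import random
from operator import mul

SAMPLES_PER_BIT = 16  # 32 carrier clocks per bit, sampled every other carrier clock
HALF = SAMPLES_PER_BIT // 2

def make_trace(bits, start, n, seed, noise=0.4):
    """Constructed capture: Manchester-coded envelope of a looping frame, read
    from an arbitrary start sample, with Gaussian noise added."""
    rng = random.Random(seed)
    period = len(bits) * SAMPLES_PER_BIT
    trace = []
    for t in range(start, start + n):
        pos = t % period
        first_half = pos % SAMPLES_PER_BIT < HALF
        level = 1.0 if bool(bits[pos // SAMPLES_PER_BIT]) == first_half else -1.0
        trace.append(level + rng.gauss(0.0, noise))
    return trace

def find_period(trace, max_lag):
    """Lag (in samples) of the strongest autocorrelation peak, excluding lag 0."""
    mean = sum(trace) / len(trace)
    x = [v - mean for v in trace]
    window = len(x) - max_lag  # same number of terms at every lag
    head = x[:window]
    scores = [sum(map(mul, head, x[lag:lag + window]))
              for lag in range(1, max_lag + 1)]
    return 1 + scores.index(max(scores))

def demodulate(trace, period):
    """Fold whole periods together, find the bit phase, then decide each bit from
    the sign of (first half-bit minus second half-bit)."""
    folded = [0.0] * period
    for i, v in enumerate(trace[:len(trace) // period * period]):
        folded[i % period] += v
    best_score, best_bits = -1.0, []
    for phase in range(SAMPLES_PER_BIT):
        rot = folded[phase:] + folded[:phase]
        diffs = [sum(rot[b:b + HALF]) - sum(rot[b + HALF:b + SAMPLES_PER_BIT])
                 for b in range(0, period, SAMPLES_PER_BIT)]
        score = sum(abs(d) for d in diffs)
        if score > best_score:
            best_score, best_bits = score, [int(d > 0) for d in diffs]
    return best_bits

def canonical(bits):
    """Smallest rotation of the loop: a stand-in for the synchronization marker
    that lets a reader name the same looped ID the same way every time."""
    return min(bits[i:] + bits[:i] for i in range(len(bits)))

# Constructed 128-bit frame (not a real VeriChip ID).
_rng = random.Random(2008)
FRAME = [_rng.getrandbits(1) for _ in range(128)]

def analyse(start):
    """Return (period in samples, frame length in bits, decoded bits)."""
    trace = make_trace(FRAME, start, n=4700, seed=start)
    period = find_period(trace, max_lag=2300)
    carrier_clocks = period * 2  # every other carrier clock was sampled
    return period, carrier_clocks // 32, demodulate(trace, period)

if __name__ == "__main__":
    for start in (333, 1500):  # two captures with different, arbitrary t = 0
        period, n_bits, bits = analyse(start)
        print(start, period, n_bits, canonical(bits) == canonical(FRAME))
```

The two captures decode to different rotations of the same loop, which is why a reader needs a synchronization marker or a canonical form before comparing IDs.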
In the experiments, the received signal is re-modulated and downloaded to proxmarkii.
With proxmarkii put in “simulate” mode, it is now indistinguishable from the legitimate
Figure 4: Reader display from the signal emitted by proxmarkii
The basic cloning is completed here. Two kinds of attack are relevant against the
VeriChip: the replay attack and the existential cloning attack. We introduce them next.
5.1 Replay attack
In a replay attack, the signal from the target VeriChip is simply captured and
re-transmitted to a reader. The complexity of the attack results only from the engineering
details of the communications link over the air. A replay attack can be treated as
full-blown cloning, since the VeriChip emits a static identifier. The harvested signal may
be replayed indefinitely while appearing valid to a reader.
The VeriChip is open to replay attacks because of its design. In principle, if the
VeriChip modified its emitted ID over time, it could prevent replay attacks or render
them less effective. Of course, in this case, additional resources would be needed in the
tag. A VeriChip that transmits a unidirectional signal cannot prevent replay attacks. By
contrast, tags that execute bidirectional protocols such as challenge-response algorithms
can defend against replay attacks effectively.
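The difference between a static one-way identifier and a challenge-response protocol, as an added example that is not part of the original paper. The class names, the sample identifier and the use of HMAC-SHA256 with a per-tag key are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

class StaticTag:
    """Unidirectional tag as described above: always emits the same identifier."""
    def __init__(self, tag_id: bytes):
        self._id = tag_id
    def emit(self) -> bytes:
        return self._id

class StaticReader:
    def __init__(self, enrolled):
        self._enrolled = set(enrolled)
    def accepts(self, emission: bytes) -> bool:
        return emission in self._enrolled  # nothing ties the emission to "now"

class ChallengeTag:
    """Bidirectional tag: answers each reader challenge with a MAC under its key."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self._key = tag_id, key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class ChallengeReader:
    def __init__(self, keys):
        self._keys = dict(keys)  # tag_id -> key, provisioned at enrolment
        self._pending = {}
    def challenge(self, tag_id: bytes) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self._pending[tag_id] = nonce
        return nonce
    def accepts(self, tag_id: bytes, response: bytes) -> bool:
        nonce = self._pending.pop(tag_id, None)  # each challenge is single-use
        key = self._keys.get(tag_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def run_demo():
    tag_id = b"constructed-id-0001"  # constructed sample value
    # Static scheme: whatever was once overheard verifies forever.
    static_tag, static_reader = StaticTag(tag_id), StaticReader([tag_id])
    overheard = static_tag.emit()
    static_replay_accepted = static_reader.accepts(overheard)

    # Challenge-response: an overheard response is bound to one nonce and goes stale.
    key = secrets.token_bytes(32)
    tag, reader = ChallengeTag(tag_id, key), ChallengeReader({tag_id: key})
    overheard_response = tag.respond(reader.challenge(tag_id))
    genuine_accepted = reader.accepts(tag_id, overheard_response)
    reader.challenge(tag_id)  # next session issues a new nonce
    stale_replay_accepted = reader.accepts(tag_id, overheard_response)
    return static_replay_accepted, genuine_accepted, stale_replay_accepted

if __name__ == "__main__":
    print(run_demo())
```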
5.2 Existential cloning attack
The results of the experimental study clearly show a threat of existential cloning. The
IDs in the three VeriChips studied very likely come from a small identifier space. Except
for the first four digits (“1022” in decimal), which appear to be a fixed header value, all
three decimal IDs are integers less than 50,000. Therefore it is conceivable that
VeriChips emerge from a production process that assigns sequential or otherwise non-random
serial numbers to chips.
As mentioned previously, in those experiments there are 32 bits whose values vary among
the over-the-air signals of the three tags. The experimenters' educated guess is that 16
to 24 of these bits encode ID values while the remaining 8 to 16 bits encode a checksum of
some kind. If the checksum is not keyed, then it would be rather easy to perform
existential forgery with some additional work. On the other hand, if the checksum is
keyed, for example if it depends on a secret key shared among VeriChip readers, then
existential forgery would be more difficult. In this case, an attacker has to compute the
correct checksum for a given ID by the following steps:
1) Extract the secret key from a reader by means of reverse engineering or
2) Determine the secret key by means of cryptanalysis
3) Guess random checksums and test them against a valid reader or reader
If an attacker can mount an existential cloning attack, it is a serious problem. We
can imagine that once an attacker obtains one ID, he could, after observation, probably
guess other IDs used for the same purposes. In order to minimize the risks of existential
forgery, the assignment of random VeriChip IDs over a large enough space would an
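The two design choices discussed in this section, keyed versus unkeyed checksums and sequential versus random ID assignment, seen from the issuer's side. This is an added example, not code from the paper or from VeriChip: CRC-16 and truncated HMAC-SHA256 are stand-ins because the real checksum is unknown, and the ID counts, the 64-bit random space and the function names are constructed.

```python
import binascii
import hashlib
import hmac
import secrets

CHECK_BYTES = 2  # a 16-bit checksum, the upper end of the 8-to-16-bit estimate above

def unkeyed_check(tag_id: int) -> bytes:
    """CRC-16 as a stand-in for an unkeyed checksum: computable by anyone."""
    crc = binascii.crc_hqx(tag_id.to_bytes(8, "big"), 0)
    return crc.to_bytes(CHECK_BYTES, "big")

def keyed_check(key: bytes, tag_id: int) -> bytes:
    """Truncated HMAC-SHA256 as a stand-in for a checksum keyed with a reader secret."""
    mac = hmac.new(key, tag_id.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:CHECK_BYTES]

def reader_accepts(tag_id: int, check: bytes, key: bytes = None) -> bool:
    expected = unkeyed_check(tag_id) if key is None else keyed_check(key, tag_id)
    return hmac.compare_digest(expected, check)

def accepted_without_key(ids, key: bytes = None) -> int:
    """How many IDs verify when their checksum is computed without the reader key."""
    return sum(reader_accepts(i, unkeyed_check(i), key) for i in ids)

def issue_sequential(count: int, first: int = 1) -> set:
    return set(range(first, first + count))

def issue_random(count: int, space_bits: int = 64) -> set:
    issued = set()
    while len(issued) < count:
        issued.add(secrets.randbelow(1 << space_bits))
    return issued

def successor_density(issued: set) -> float:
    """Fraction of issued IDs whose successor is also issued: how much one
    observed ID reveals about other valid IDs."""
    return sum((i + 1) in issued for i in issued) / len(issued)

if __name__ == "__main__":
    never_issued = range(50_000, 50_200)  # constructed IDs outside the issued set
    reader_key = secrets.token_bytes(32)
    print("unkeyed checksum, accepted:", accepted_without_key(never_issued))
    print("keyed checksum, accepted:  ", accepted_without_key(never_issued, reader_key))
    print("sequential IDs, density:   ", successor_density(issue_sequential(40_000)))
    print("random 64-bit IDs, density:", successor_density(issue_random(40_000)))
```

Even a keyed 16-bit checksum leaves a 1 in 65,536 chance per blind guess, so a reader should also log and rate-limit failed reads.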
6 Conclusions and further work
It is not hard to conclude that VeriChip is only suitable for identification, not for
authentication. Since the vulnerability of the VeriChip is quite obvious, and it cannot
withstand even basic and simple cloning attacks, it is inadvisable and dangerous to use
VeriChip in security systems such as payment systems and physical access systems.
Attackers with few resources could easily clone a VeriChip, and then carry out replay
attacks and, in worse cases, existential cloning attacks.
We also discussed privacy and security concerns involved with VeriChip. In order to
reduce the privacy issues, a design for an implantable RFID tag called iChip has been
proposed. An iChip emits an identifier through a simple cryptographic scheme that helps
protect privacy but at the same time expressly enables straightforward cloning.
We firmly believe VeriChip has broad applications in people’s daily lives in the future.
To achieve wider usage, it is necessary to add extra functionality to VeriChip tags,
especially for security reasons. At the same time, more resources and memory are needed
References
1. VeriChip corporation web site. Referenced June 1, 2008 at http://www.verichipcorp.com/
2. Rapid adoption of RFID in healthcare. Referenced June 3, 2008 at
3. Passive RFID tag. Referenced June 3, 2008 at http://www.technovelgy.com/ct/Technology-
4. Active RFID tag. Referenced June 3, 2008 at http://www.technovelgy.com/ct/Technology-
5. J. Halamka, A. Juels, A. Stubblefield, and J. Westhues. The Security Implications of VeriChip
Cloning. Manuscript in submission, March 2006
6. Radio Frequency Identification (RFID) Vs Barcodes. Referenced June 3, 2008 at
7. VeriChip. Referenced June 1, 2008 at http://en.wikipedia.org/wiki/Verichip
8. J. Halamka. Straight from the shoulder. The New England Journal of Medicine, 353:331–333,
28 July 2005.
9. J. Westhues. Proxmarkii description, 2006. Referenced June 10, 2008 at
10. J. Westhues. Hacking the prox card. In S. Garfinkel and B. Rosenberg, editors, RFID:
Applications, Security, and Privacy, pages 291–300. Addison-Wesley, 2005.
11. Autocorrelation. Referenced June 10, 2008 at http://en.wikipedia.org/wiki/Autocorrelation
12. J. Westhues. Demo: Cloning a VeriChip, 2006. Referenced June 10, 2008 at
13. Access Control and Security System. Referenced June 11, 2008 at
14. J. Scheeres. Tracking junior with a microchip. Wired News, 10 October 2003. Referenced
June 11, 2008 at http://www.wired.com/news/technology/0,1282,60771,00.html
15. VeriPay. Referenced June 11, 2008 at http://www.technovelgy.com/ct/Science-Fiction-