Bio-Implants Aren't Just for Aliens Anymore

Normally when one hears the term ‘implant’ being bandied about, ‘alien’ and ‘abduction’ are not too far behind. But while the truth may be out there, the latest implant-related horror is actually self-inflicted.

Put simply, it’s possible to inject a computing device under one’s skin to avoid physical and digital scanning technology – and that’s exactly what US navy petty officer Seth Wahle did in the quest to find new cybersecurity attack vectors. Wahle, who is now an engineer at APA Wireless, wanted to know if biohacking could work. And work it did, bearing more fruit than any off-planet human/hybrid breeding program has to date.

Wahle implanted a chip in his hand, in between the thumb and the finger, using off-the-shelf tools (by which we mean a syringe meant for cattle and a $40-a-pop unlicensed procedure in a backroom ‘operation’ theater). Then, with a known attack technique over NFC, he was able to remotely take over Android phones in his nearby vicinity.

The chip has an antenna that pings Android phones, asking their owners to open a link. If the user falls for it and clicks, a malicious file is installed that proceeds to open a comms channel to the mothership, ie a C&C server. The server can then issue commands to the device, and the owner is none the wiser.

In a demo for Forbes, Wahle was able to force a random Android device to take a picture of him.

While the NFC-based attack is nothing new (just check Metasploit), what’s remarkable about this is the fact that it allows anyone to get past physical security (like at an airport), as well as digital scanning (as in a military environment) with a malicious device.

Wahle says he put the chip in when he was still employed by the military, and that it was never picked up by metal detectors.

“They would have to put me through the X-ray [if they were going to detect the chip],” he told Forbes.

Kevin Warwick, professor of cybernetics at the University of Reading in the UK and an implant pioneer/guinea pig, told the magazine that he knows from experience just how stealthy implants can be.

“Such an implant doesn’t get picked up at airports and so on; the amount of metal in it is far, far less than wearing a watch or wedding ring,” he told Forbes. “Even my neural implant of 2002, with a length of platinum wire implanted, was not picked up. In fact I still have some of the wires in my arm and fly regularly.”

One can imagine the implications when it comes to fighting, say, alien insurgents with body-scanning capabilities. Or in a scenario closer to reality in most people’s minds, the applications for espionage, both corporate and state-level.

In any event, the cat is out of the bag, even if the implant is still in Wahle. He’ll be showing off the attack at the Hack Miami conference in May, alongside the event’s secretary of the board and security consultant Rod Soto. The message? Armed with $40 and a cattle syringe, you too can have a computing device under your skin that evades physical and digital scanning.

“This is just the tip of the iceberg… anyone can do this,” Soto said.

What’s Hot on Infosecurity Magazine?