A security researcher implanted an NFC Chip in his Hand to bypass security scanners in high-security environment and exploit Android mobile devices.
I confess that I’m curious about some news, but at the same time I’m worried about the “penetration” of technology in our lives. This is the case of a security researcher that used an NFC chip implant in his hand to demonstrate that it is possible to exploit Android devices and avoid to be detected by common body scanners located at airports and high-security environments.
Wahle explained to Forbes that bought a chip designed to be injected into cattle and implanted the chip by an “unlicensed amateur” for $40 by using a needle which was larger than he had initially expected.
“But implants aren’t for the squeamish. Wahle says the needle was bigger than he’d expected when he had the chip implanted by an “unlicensed amateur” for $40, enough to make him want to vomit. He says he had to go through a backstreet operation due to Florida’s restrictive body modification laws. He first had to acquire the chip, designed to be injected into cattle for agricultural uses, from Chinese company Freevision (see images below for their animal products and the sizeable syringe used by Wahle). But the chip, which has just 888 bytes of memory and is encapsulated in a Schott 8625 Bio-glass capsule, is now barely noticeable, Wahle says, poking at the cylindrical object over his webcam during a Skype call with FORBES.” reads Forbes.
The NFC chip used by Seth Wahle, an engineer at APA Wireless, was used to ping nearby Android mobile devices in the attempt to establish a direct connection.
Once established a link, due to the NFC chip, the attacker can serve a malicious file that if installed and run by the victims could allow to compromise the Android device. The infected phone will try to connect a remote server operated by Wahle, who can serve further malicious payloads and exploits on the mobile device (i.e. Metasploit).
This kind of attack could be very dangerous in case the attacker use sophisticated as efficient social engineering scheme. Implanted NFC chip could allow easily to bypass perimeter defense in high-security environments, even if IoT devices (i.e. wearables devices) are not allowed.
Wahle explained that none of the military scanners he had to pass through every day, while he was serving US military, was able to detect the implant.
Wahle and security consultant Rod Soto, will share more details about the biohacking during the next Hack Miami conference in May.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.