I confess that I’m curious about some news, but at the same time I’m worried about the “penetration” of technology in our lives. This is the case of a security researcher that used an NFC chip implant in his hand to demonstrate that it is possible to exploit Android devices and avoid to be detected by common body scanners located at airports and high-security environments.
Wahle explained to Forbes that bought a chip designed to be injected into cattle and implanted the chip by an “unlicensed amateur” for $40 by using a needle which was larger than he had initially expected.
“But implants aren’t for the squeamish. Wahle says the needle was bigger than he’d expected when he had the chip implanted by an “unlicensed amateur” for $40, enough to make him want to vomit. He says he had to go through a backstreet operation due to Florida’s restrictive body modification laws. He first had to acquire the chip, designed to be injected into cattle for agricultural uses, from Chinese company Freevision (see images below for their animal products and the sizeable syringe used by Wahle). But the chip, which has just 888 bytes of memory and is encapsulated in a Schott 8625 Bio-glass capsule, is now barely noticeable, Wahle says, poking at the cylindrical object over his webcam during a Skype call with FORBES.” reads Forbes.
The NFC chip used by Seth Wahle, an engineer at APA Wireless, was used to ping nearby Android mobile devices in the attempt to establish a direct connection.
Once established a link, due to the NFC chip, the attacker can serve a malicious file that if installed and run by the victims could allow to compromise the Android device. The infected phone will try to connect a remote server operated by Wahle, who can serve further malicious payloads and exploits on the mobile device (i.e. Metasploit).
This kind of attack could be very dangerous in case the attacker use sophisticated as efficient social engineering scheme. Implanted NFC chip could allow easily to bypass perimeter defense in high-security environments, even if IoT devices (i.e. wearables devices) are not allowed.
Wahle explained that none of the military scanners he had to pass through every day, while he was serving US military, was able to detect the implant.
Wahle and security consultant Rod Soto, will share more details about the biohacking during the next Hack Miami conference in May.
(Security Affairs – NFC Chip, hacking)