Is Bio hacking a security risk? The future is now!

Pierluigi Paganini February 18, 2015

Bio hacking – technology and humans have never been so close, they complement each other. But what are the security and privacy risks?

IS BIOHACKING A SECURITY RISK?

Imagine a world where our day to day activities like door locking, supermarket purchases, credit card swipes and smartphone usage are replaced by just one chip embedded under your skin. We are upgrading the human bodies to meet the technological needs. The future is expected to be completely technology dependent with very little human interruptions. Humans have been implanting technologies in their bodies for medical reasons like the adoption of implantable aids such as pacemakers, insulin pumps, deep brain stimulation system, the world is already filling with humans who could be considered part machines.

BioHacking

A practice of engaging biology with the hacker ethics. It is a wide spectrum of practices and movements ranging from designing and installing Do-It-Yourself body-enhancements such as chip implants. The term applies to any advanced technique that uses science and technology to improve human output and performance. To many, biohacking is a highly radical, unregulated science.

Early Experiments in BioHacking:

Kevin Warwick, Deputy Vice-Chancellor University(Research) at Coventry University, UK, conducted multiple experiments on himself. In 1998, he implanted a chip into his forearm to communicate with a computer programmed to respond to his actions. By tracking his movement through the halls and offices where he conducted research, the computer could turn on lights or opens doors for him.

bio hacking 2

To explain how a machine could interpret what the body wants to do, Warwick likened the nerve signals to a telephone line. An implanted chip wouldn’t hinder any nerve impulses from the brain to a body part’s muscles and tendons; it would just tap into the signals being sent and received.

In 2002, Warwick went much further. He implanted an electrode that transmitted nerve signals to robot arms. By moving his hand in New York, he could use an Internet connection to watch a robot replicate his movements in the UK. Warwick also installed a matching implant into his wife’s nervous system.

By connecting neurally to his wife, the couple accurately identified each other’s nerve signals about 98 percent of the time. For example, if his wife moved her hand, Warwick could feel a sensation down his left index finger.

“It didn’t feel like pain or heat or seeing. It was like an entirely new sense. And that was part of the experiment: to see if the brain can adapt and take on new types of input and learn to understand,”Warwick said.

Future of Bio Hacking

  • Smart implants will be used for Identification and Authentication of individuals, tasks and services.
  • Identification will include activities like accessing buildings, activating mobile devices, controlling room temperature.
  • Smart implant Authentication can be used for authenticating a bank transaction, part of a two factor authentication replacing smartphone PIN codes, activity logging and health monitoring.

BioNyfiken, a bio hacking group based in Stockholm, Sweden, is a breeding ground for advancement in the field of biohacking. While it began with a small group of people willing to experiment with everything from “biology to cells to plants to Homo sapiens”, in the last few months, over 300 people in the country have now volunteered to have NFC chips embedded in the skin between thumb and forefinger in their hands. This NFC chip has the capability to replace house keys, business card and bike lock.

Check out the below video on RFID chip

Privacy problems:

Connecting our bodies to the internet might pose a major security risk. Security firm like Kaspersky Labs has teamed up with BioNyfiken to uncover the risks involved in biohacking.

Patrick Mylund Nielsen, Senior Security Researcher at Kaspersky says

“The trend with Internet of Things has been to create products and get them to market fast. Security is often an afterthought. What happens when our private keys are under our skin? Can somebody become a virtual copy of me by shaking my hand?”

Is Bio hacking Secure?

For now, there’s no clear way to regulate bio hacking. Legislators have paid little attention to regulating individuals, though the FBI is wary. It has encouraged biohackers to create a neighborhood watch-type program so that the biohacker community can spot misuse. Since biohacking is a relatively new field, that’s all the more reason to establish a precedent for how it is monitored within the traditionally unregulated environment from which it was borne.

In addition to legal concerns, biohacking has some security issues that need to be considered, too. Implant technology has a well-established role in the medical field, but the medical industry faces vulnerability from lack of cyber security practices among medical device makers and health-care facilities.

The emergence of the Internet of Things will play a major role in Cyber Security for the year 2015. RFID or NFC implantable chips should be extensively tested for Security and vulnerability related risks before introducing it to the market.

Weak vendor passwords, out-of-date software, poorly-protected Internet connections, and untested patches by vendors would make it easy for a hacker to plug into a hospital network and attack vulnerable systems. If a hospital’s network or software security is compromised, life-saving technology could become life-threatening.

One of the main issues is that these devices use web services to communicate with each other and feed data directly to patient’s medical records. A lot of web services are unauthenticated or unencrypted between devices, so a hacker could alter the information that gets fed into the medical record, said Scott Erven, head of information security at Essentia Health. Since physicians are taught to rely on information found in medical records, they might misdiagnose a patient or administer the wrong prescriptions.

About the Author Ashiq JA (@AshiqJA)
Ashiq JA (Mohamed Ashik) is a Cyber Security Researcher and Writer passionate about Web Application Security, Security research using Machine Learning and Big Data, Deep web, Security technologies and Threat Analysis. He is currently working as a Security Consultant for a financial firm. He believes in knowledge sharing as the best source for information security  awareness. To catch up with the latest news on InfoSec trends, Follow Ashiq JA on Twitter @AshiqJA.

Edited by Pierluigi Paganini

(Security Affairs –  Bio hacking, IoT)



you might also like

leave a comment