Hacked Implants

Hi everyone,
I'm new to the forum, pls bear with me.
I have a question regarding RFID, NFC implants (and other tag/chips some of you might have contemplated implanting or experimented with). Had any of you performed security checks or had any experience of getting your implant hacked? Is this a concern in the community?

Thanks for your input! tf


  • NFC chips can be protected quite easily - worst case scenario is someone writes the wrong data to it then you later write the correct data.

    As implants become more advanced, security issues obviously pop up, but it depends on the specific implant. For my implantable edison project for example it's basically just like securing any other computer.
  • I am not concerned at all with my RFID. i am a firm believer that if they don't know what it is, what it's for, And the end goal then it's useless to them. Others disagree here with security through obscurity but I don't.

    That said if it's spelt out on the implant what it is and there is no other form of security then I would worry like if there was bank account and routing number free for the scanning.
  • Security through obscurity is fundamentally doomed to fail eventually.

    Don't put anything you want to keep secret on a tag that can be read by anyone within range of you, or if you must then encrypt it.
  • edited December 2015
    Er, no it's not. It only fails when the obscure becomes ubiquitous. Which, in the case of implantable RFID technology in the United States/UK, barring some massive cultural shift is probably not going to happen within our lifetimes. And in the case of RFID tags, the fact you need to be either touching or very close to touching the implant site restricts data reading to anyone you feel like letting inside your personal space. Now could someone pin you down and force-read your RFID (after first finding out if you have one and then finding out where and then finding you have valuable information stored on it)? Yes, absolutely. Is this much more difficult than stealing a phone? Yes. Is it much less valuable? Yes. If you encrypt the tag it's analogous to taking your bunker in the middle of nowhere and burying it in a mountain.
  • And if you're targeted specifically?
  • Put it this way: if I was after your money and knew that you stored your bank details or bitcoin wallet in an RFID chip, i'd use that attack vector to get what I was after.
  • ^ see above response.
  • There have been RFID readers using specialist antennas to read from a distance.

    Of course if you encrypt the data, it's all a moot point - but i'm talking about the case where the data is in plaintext.
  • edited December 2015
    If you're the target of a specific attack your information is going to be obtained, and there is nothing you can do to prevent that, you can only make it more difficult for the attacker. So that's a moot point as well. They want your bank account info and you have it stored on an encrypted device? Or better, in your brain? It's still stored on the bank's server. Even if everything is encrypted there, people who work at the bank have access to it. Guess who just got hired there? Your attacker. We gave up the notion of absolute security and privacy when we entered the information age. If someone wants your information specifically and that information has ever touched any place outside your brain it can be found.
  • A secure system is slightly harder to break into than the information is worth. Are you being chased by super-spies? If so then you need encryption and maybe a dummy chip in another part of your body. If your biggest threat is some petty criminal stealing your wallet then you can probably get by with plaintext on an implant.
    My personal setup:
    I can make in-store purchases with my phone. My phone will unlock without prompts so long as my smart watch is near and turned on. If the connection is lost with my smart watch I need to scan my NFC tag, located in my hand, or enter a password. Could a super-spy with high-tech surveillance and reconnaissance get into my phone with a little time and effort. Yes, of course. Could a hoodlum who steals my phone on the street use my phone to make purchases, or even read my text message? Probably not.
    The lesson I want to show is that I don't have great security on my phone but it is suitable for the threat level.
    Some people enjoy having security that is orders of magnitude above the threat level and there's nothing wrong with that.
  • I agree one hundred percent with @bciuser. if you are specifically targeted you definitely have more to worry about then a chip. And for the people who memorize their stuff you can even get that information if it's needed. If targeted I don't believe the chip and a scanner will be what they try to do they will probably take you and take information directly from the horses mouth so to speak.

    If you don't know how to use a door handle then you won't open a door. If you worry about security on information on a chip then don't put it on the chip. If your being targeted call the police.
  • Just to point out as well @bciuser said that the implants may not take off in our lifetime, the only way people know you have the implant is if you tell them. most of the public have no idea about what we do here or that it even exists so they see your phone resting on your hand yes, but as far as they know there are many reasons for this.

    Also people that do see it will either be real lucky and guess what implant you have and what ISO it uses or may have a reader that can read them or even all types of RFID and NFC. Not to mention you would feel it as it has to be close and will almost 100% sure touch your hand, when you first get this (if you get this) it will be hours/day/s before you can read the chip first try.

    To summarize, your chip can be hacked if you have fallen asleep in public or lost all feeling in your hand, but they can re-write the tag that's OK you can correct that later on with a phone or a PC and put the data you want back on it in a matter of seconds. 

    I found this video that shows you how close you have to be and also points out the sweet spot backing my point of being lucky for a thug to get it first try. 

  • yes RFID does have some pretty well known vulnerabilities, is it a real issue that you should be scared of? no. No matter how important you think you have no one cares to read your tag enough to do through efforts to do it. Personally I think it would be cool. I would love to see what they would put on it. 
  • In theory, if I were to be an attacker knowing a lot of us use the chip for access reasons if its doors, phones, computers you could add a link to the chip that when you place it on a reader takes you to a site with my malware or spyware. This would only work as the reader will use the chips UID for access. 

    Or exploit Windows for the the vulnerability nobody fixes. Auto run for CD drives, this would allow you to run a small (really small) bat file. but to do this it would have to be planed and as I mentioned in my previous post you would need the right kit and also worst for them you would 100% feel the contact of a read/writer.  

    The chances of your chip being hacked as it has no power source and can only be powered by a magnetic field is 0.00001%.

    Unless you have got some serious enemies out there you will be fine. I have a friend getting the chip soon it is on the way so we will attempt to hack each other over time and post our findings here. 

    I feel if you created something that could read and write with a larger magnetic field (Magnets would alert you to this)  you could do this with no contact but the expense across the population with the chip makes this not viable. All of us are spread across the globe with few of us local to each other.

    I agree with @Benbeezy there are security flaws but I would say be aware of them and not scared as I mentioned this is not financially viable for a hacker unless they are stinking rich. Just be careful with who you tell. I don't keep mine a secret I find the reactions funny plus it gets others into Biohacking. 
  • bciuser points out, the social construct of personal space acts as protection. A penetrable protection nonetheless, yet not without any major breach of social code. I am curious how this would play out in different cultures and environments also. If 'hack-ability' is in part dependent on the definition of personal space and human proximity, what does this mean for a dense population, crammed commuters on the tube, Mumbai during rush-hour, etc.

    Benbeezy points out, I guess an unauthorized transfer of information would not need to be harmful. Could you create a mesh network of RFID chips acting as bike messengers, sending information from body to body until it reaches it's intended recipient, guided by geotags...

    Donovan880 please let us know how your hack attempts turn out!

    ps: I am coming at this form an angle of cyber-anthropology, interested in our bodily relationship with technology and it's effects on privacy and intimacy...

Sign In or Register to comment.