Hacker implanted an NFC chip in his hand to bypass security scanners and control android phones

Based on the "hacker" stereotypes, it is quite easy to identify the person who committed the cyber crime. The combination of pale skin, sweatshirt and laptop is a bright hint. Such a hackneyed image of a hacker, of course, is completely wrong and borders on insult. Real hackers, penetrating the business network, are prudent enough to avoid cliches in their own clothes and to strive to hide their work practices.

For those who are able to endure pain, biohacking, in which digital devices are inserted under the skin, provides new opportunities for true stealth skills to help penetrate physical and digital scanning systems. That is why the US Navy officer Seth Uel, who is currently an APA Wireless engineer, implanted an electronic chip in the palm of his left hand - in the area between the big fingers and forefinger. The chip has an NFC antenna (Near Field Communications), which pings android communicators with a connection request. As soon as the user agrees to open access and install a malicious file, his communicator connects to a remote computer, the owner of which can perform further actions with this mobile device. Simply put, such an android communicator is hacked. In a demonstration for Forbes, Huel, testing the software of his laptop, used Metasploit-penetration to make android devices take a picture of his own cheerful physiognomy.
')
According to the secretary of the event committee and security consultant Rod Soto, Uel will conduct a demonstrative hidden attack during the hacking conference in May this year in Miami. Soto and Ueli admit that this is a rather raw part of the research, implemented using already available tools and known NFC attack techniques, but they argue that invasion technologies based on implants could provide criminals with a particularly effective method in their “social engineering toolkit” ".

While airlines and federal agencies severely pursue anyone who would even think to test the stability and safety of flight communication systems, implantable chips provide a clever way to sneak through electronic control points at airports or other places with advanced security zones. Uele says that he implanted the chip back in military service and since then it has never been found, despite the fact that it passes through scanners every day. “If they are going to detect the chip, they need to send me on an x-ray.”

“This implanted chip can bypass almost any security measures existing at the moment, and we will give proof of this,” says Soto.

Given the widespread adoption of NFC technology in business, implants can provide a routing process in various networks. A slightly improved chip code will increase its potential for causing more serious damage, especially if the “zero-day” event (unrecoverable, previously unknown vulnerability) was activated by the chip, warns Soto.

However, implants are not for scrupulous. Uel claims that the needle was larger than he had expected when a “unlicensed amateur” implanted the chip for $ 40, and that was enough to make him sick. He says that he had to go through a similar “underground” operation due to the laws of the state of Florida that forbid the modification of the human body. At first, Uele was to acquire a chip intended for insertion into the animal bodies of agricultural purpose produced by the Chinese company Freevision (see images of their products for animals and the impressive size of the syringe used by Wele). At the same time, Uel says, poking a cylindrical object into the lens of his webcam during a Skype conversation with Forbes, that the chip, which has only 888 bytes of memory and is enclosed in a Schott 8625 Bio-glass capsule, is now barely noticeable.

There are some obvious restrictions on implant attacks, but they can be overcome by various means. For example, a malicious android file created by Uel and Soto loses connection with the attacking server if the phone is locked or when the device reboots, however, according to Weel’s technical guide for attacking, using software that runs as background service that starts at boot, this problem can be solved. Since the fraudulent code must be installed manually, some “decent” social engineering techniques are also needed during the attack, although “legitimizing” the malicious file with GooglPlay signatures and initiating additional user actions aimed at enforcing it will minimize the need for charm and cunning .

Kevin Warwick, who considers himself the first person with an NFC chip implanted in his body, told Forbes that “it’s good that this particular application is being tested as it gives some indication of its capabilities and the dangers identified.” Warwick, currently a professor of cybernetics at the University of Reading in the UK, also noted the inability of security systems to detect this technology. “Such an implant is not detected at airports and similar places, the metal content in it is much, much less than in a wrist watch or a wedding ring. Even my 2002 neural implant with a piece of platinum wire was never detected. In fact, I still have the wiring in my hand and at the same time I fly regularly. ”

In Miami, Huelle and Soto are planning to describe in detail the actions of hackers that they will need to implement in order to add implant technology to their arsenal, including how to acquire the required equipment and program the chip. Could this be the start of malicious biohacking? “This is just the tip of the iceberg ... anyone is able to do it,” adds Soto.