Skin implants arrive as replacement for passwords
By Fahmida Y. Rashid, ThirdCertainty
CANCUN — It was a moment out of science fiction. All eyes were on Kaspersky Lab researcher Povel Torudd as he sat center stage here at the Kaspersky Security Analyst Summit late Monday, waiting to become a cyborg.
Torudd volunteered to have a Near Field Communications (NFC) chip implanted in his hand by a professional body piercer using sterilized tools, a marker to show where the chip would be inserted, a scalpel and an imposing-looking insertion syringe.
Within minutes, Torudd was done. No hysterics (except for a few of us in the audience) and lots of curiosity.
NFC implants, such as the one now in Torudd’s hand, can be used for a variety of digital age tasks.
The chip can be used as a form of authentication in a multi-factor authentication scheme. It can store digital logins or manage public encryption keys, according to Hannes Sjoblad of the Swedish Biohacking Association.
NFC implants can also be used for personalization and user configuration. Sjoblad outlined how the chip implanted in his hand can automatically reset his car’s seat and mirror settings to account for his larger physique after his smaller-framed wife drives the family vehicle.
Sjoblad also stores information about his gym memberships and rebate memberships for retailers he frequently shops with in Sweden. “It’s made my life easier and interesting,” he said.
Grain of rice
Torudd agreed to let the audience watch the implanting of a chip about the size of a grain of rice under his skin between his thumb and forefinger. It is powered by a tiny battery, but don’t worry about chip running out of juice too quickly. The chip is “asleep” most of the time, and wakes up only when the associated Android app attempts to read the stored data. And removing the chip is as simple as the insertion process, Sjoblad said, requiring a small scalpel cut over the insertion point.
Implants can soon supplant basic items in our pockets, such as car keys, proximity cards, and other forms of authentication, Sjoblad said, noting they can “replace all silly passwords.”
While biohacking has the potential for solving different types of authentication issues, there are unique security challenges posed by the technology. Privacy is always a concern when data can be accessed remotely, but the fact that healthcare is one of the big drivers for implants exacerbates privacy concerns.
These chips can potentially store years of data, which can be highly valuable for the attacker, as well as highly detrimental to user privacy if leaked.
More than just privacy, this kind of technology may potentially affect the person’s physical safety, Sjoblad said. Consider that researchers have already identified potential risks associated with existing human implant technology, such as insulin pumps, pacemakers, and cochlear implants. Past demonstrations have shown how insulin pumps and pacemakers can be manipulated maliciously to potentially harm the person using these medical devices.
Healthcare data at risk — a three-part series:
Part 1, Jan. 5: Why medical records are easy to hack, lucrative to sell
Part 2, Jan. 7, How thieves and scammers are cashing in.
Part 3, Jan. 9: How the Internet of Things will exacerbate exposures
Guest essay: Why hospitals need to go beyond HIPAA compliance to secure data