Skin implants arrive as replacement for passwords

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

By Fah­mi­da Y. Rashid, ThirdCertainty

CANCUN — It was a moment out of sci­ence fic­tion. All eyes were on Kasper­sky Lab researcher Pov­el Torudd as he sat cen­ter stage here at the Kasper­sky Secu­ri­ty Ana­lyst Sum­mit late Mon­day, wait­ing to become a cyborg.

Torudd vol­un­teered to have a Near Field Com­mu­ni­ca­tions (NFC) chip implant­ed in his hand by a pro­fes­sion­al body piercer using ster­il­ized tools, a mark­er to show where the chip would be insert­ed, a scalpel and an impos­ing-look­ing inser­tion syringe.

With­in min­utes, Torudd was done. No hys­ter­ics (except for a few of us in the audi­ence) and lots of curiosity.

More: Pro­tect­ing your dig­i­tal foot­print in the post pri­va­cy era

NFC implants, such as the one now in Torudd’s hand, can be used for a vari­ety of dig­i­tal age tasks.

The chip can be used as a form of authen­ti­ca­tion in a mul­ti-fac­tor authen­ti­ca­tion scheme. It can store dig­i­tal logins or man­age pub­lic encryp­tion keys, accord­ing to Hannes Sjoblad of the Swedish Bio­hack­ing Association.

NFC implants can also be used for per­son­al­iza­tion and user con­fig­u­ra­tion. Sjoblad out­lined how the chip implant­ed in his hand can auto­mat­i­cal­ly reset his car’s seat and mir­ror set­tings to account for his larg­er physique after his small­er-framed wife dri­ves the fam­i­ly vehicle.

Sjoblad also stores infor­ma­tion about his gym mem­ber­ships and rebate mem­ber­ships for retail­ers he fre­quent­ly shops with in Swe­den. “It’s made my life eas­i­er and inter­est­ing,” he said.

Grain of rice

Torudd agreed to let the audi­ence watch the implant­i­ng of a chip about the size of a grain of rice under his  skin between his thumb and fore­fin­ger. It is pow­ered by a tiny bat­tery, but don’t wor­ry about chip run­ning out of juice too quick­ly. The chip is “asleep” most of the time, and wakes up only when the asso­ci­at­ed Android app attempts to read the stored data. And remov­ing the chip is as sim­ple as the inser­tion process, Sjoblad said, requir­ing a small scalpel cut over the inser­tion point.

Implants can soon sup­plant basic items in our pock­ets, such as car keys, prox­im­i­ty cards, and oth­er forms of authen­ti­ca­tion, Sjoblad said, not­ing they can “replace all sil­ly passwords.”

While bio­hack­ing has the poten­tial for solv­ing dif­fer­ent types of authen­ti­ca­tion issues, there are unique secu­ri­ty chal­lenges posed by the tech­nol­o­gy. Pri­va­cy is always a con­cern when data can be accessed remote­ly, but the fact that health­care is one of the big dri­vers for implants exac­er­bates pri­va­cy concerns.

These chips can poten­tial­ly store years of data, which can be high­ly valu­able for the attack­er, as well as high­ly detri­men­tal to user pri­va­cy if leaked.

More than just pri­va­cy, this kind of tech­nol­o­gy may poten­tial­ly affect the person’s phys­i­cal safe­ty, Sjoblad said. Con­sid­er that researchers have already iden­ti­fied poten­tial risks asso­ci­at­ed with exist­ing human implant tech­nol­o­gy, such as insulin pumps, pace­mak­ers, and cochlear implants. Past demon­stra­tions have shown how insulin pumps and pace­mak­ers can be manip­u­lat­ed mali­cious­ly to poten­tial­ly harm the per­son using these med­ical devices.

Health­care data at risk — a three-part series:

Part 1, Jan. 5: Why med­ical records are easy to hack, lucra­tive to sell
Part 2, Jan. 7, How thieves and scam­mers are cash­ing in.
Part 3, Jan. 9:  How the Inter­net of Things will exac­er­bate exposures
Guest essay: Why hos­pi­tals need to go beyond HIPAA com­pli­ance to secure data


Posted in Cybersecurity, Data Security, News & Analysis