Showing content from https://arstechnica.com/features/2018/01/a-practical-guide-to-microchip-implants/ below:

A practical guide to microchip implants

An estimated 50 to 100k folks have implants; how do the benefits compare to the risks?

When Wisconsin-based tech company Three Square Market offered to pay for its employees to be voluntarily microchipped last summer, the Internet was aghast. But just days before the so-called “chip party” at the 3SM company headquarters, people at the DEFCON hacking conference were eagerly lining up and paying to get microchip implants injected into the subdermal fascia between their thumbs and forefingers.

This juxtaposition begs the question: are these chip implants a step toward an invasive dystopian future where employers track their subjects’ every movement? Or are they simply an easy way to log in to accounts and open doors with the flick of a wrist? With a small but growing number of chipped individuals (between 50,000 and 100,000 according to estimates from biohacking company Dangerous Things) taking the plunge, society may soon find out.

What we’re talking about when we talk about microchips

Microchip implants are generally shaped like cylinders. They contain a small microchip, a bio-safe epoxy resin, and a copper antenna wire coil encased in lead-free borosilicate glass or soda-lime Schott 8625 biocompatible glass. Microchips used for both animals and humans are field powered and have no battery or power source. Therefore, they are inert until they come within the field produced by a reader device, which implants communicate with over a magnetic field.

These implants often fall under the RFID (radio-frequency identification) umbrella, and RFID technology encompasses a very broad spectrum of frequencies, devices, protocols, and interfaces. RFIDs are typically found in three frequency families: low-frequency (125 and 134 kilohertz), high-frequency (13.56 megahertz), and UHF (800-915 megahertz). Chips sold for implants are generally either low or high frequency. RFID chips are identified using radio waves, and near-field communication (NFC) is a branch of high-frequency RFID.

Biohax, the company that installed chips for the 3SM employees who wanted them, sells near-field communication devices, while other companies like Dangerous Things let users select between RFID and NFC chips, for example. People typically use RFID tech to replace keys and passwords, so they can enter their home, unlock and start their car, or log in to a laptop more conveniently. NFC tags can be used to store vCards or Bitcoin wallet addresses, among other things. In Sweden, Biohax partnered with the railways, and chips can be used as ticket carriers. It’s also possible to program chips as different types of triggers so you can, for example, tap your phone to your chip and contact your spouse.

Dangerous Things’ 125 kHz xEM chips emulate common low-frequency EM41xx style chips, have some programmable memory space and basic security features, and allow you to program or clone EM or HID tag IDs, such as ProxMark II card IDs. Their 13.56MHz xNT chips are higher frequency and are based on the NTAG216 chip. They have 888 bytes of user programmable memory and 32-bit password protection security features. They are NFC compliant. The company’s 13.56 MHz xMI microchips have 769 bytes of user programmable memory and support Crypto1 security features, but those are only supported on some NFC devices. The company’s 3.56 MHz xIC devices have 128 bytes of programmable memory but no security features, and these are only supported on some NFC devices.

Dangerous Things often refers to microchip implants as transponders, a portmanteau for transmitter-responder. But information security researcher Tarah Wheeler, a Principal Security Advisor at Red Queen Technologies and Cybersecurity Fellow at New America, believes the term is inaccurate when used to refer to unpowered magnetic memory such as USB drives or implantable microchips. Again, these chips are unpowered, have teeny tiny antennas, and don’t really transmit anything. “You’re lucky if it’s anything beyond a foot at maximum. In reality, functionally, you must touch it to the device to get a read,” she says.

Dangerous Things CEO Amal Graafstra installs a microchip at ToorCamp.

Credit: https://dangerousthings.com

The health risks

These days, microchips are so safe that they’re used by pet owners to tag their own dogs and cats. In fact, the risk to humans from an ear-piercing is greater since chip implants scab over far more quickly—in a matter of hours. Still, Dangerous Things CEO Amal Graafstra warns that if people try to insert the chips themselves and don’t follow aseptic procedure, they may get an infection. And infections can sometimes (rarely) lead to MRSA, a type of staph infection that has become resistant to many antibiotics and can sometimes be deadly. The risk of infection is reduced by working with a professional body piercer skilled with needles and aseptic procedures, which is why Dangerous Things has a network of partners to recommend (including some who can install more involved products). The biohacking supply company’s X-series devices are usually sold pre-loaded inside a sterile injection assembly.

Upon installation, the tags do cause a moderate amount of swelling for up to around a day and some bruising for a few days. It can take two to four weeks for the tag to get encapsulated with fibrous collagen tissue, and users might have some temporary itching or pinching sensations for up to two years as the body heals around the tag.

But after a tag has healed, it can’t be felt under the skin, and it usually can’t be seen under most people’s hands unless they’re gripping large objects, according to Dangerous Things. It’s possible for the skin covering the tag to get pinched between the tag and another object, which can be mildly painful, but this can be prevented by not rolling the tag between hard surfaces.

The most inexpensive microchips sold by Dangerous Things are encapsulated in biosafe glass and are inserted in the skin between the thumb and index finger. Though they are not indestructible, they are far less likely to break when inside the human body.

Implantable microchips are compatible with MRI machines and are not picked up by metal detectors or airport scanners. And if a person ultimately second-guesses the thing, they’re also not difficult to take out. Animal chips are coated with biobond or parylene, but human chips are not, which makes removal easier. A doctor can put a glove on, make a small incision, and press the chip up from the skin to get it right out. (In 2004, Verichip offered an implantable microchip meant to unlock personal health records. It was injected into the triceps muscle and was coated in bio-bond and was meant to be permanent, so the device could only be removed with much pain and scar tissue. The process has evolved, however, so this doesn’t apply to the implantable chips being used today.)

One health concern Graafstra sometimes hears comes from people who are convinced that they have had a chip implanted against their will. These individuals say that such a chip is somehow making them hear voices or see flashes of light or experience other phenomena. This fear is sometimes due to undiagnosed mental illness, and sometimes it’s because of scammers that claim to scan people for chips and offer removal services. “If there was a neural interface that was that good, it would be the holy grail of computer/brain interfaces,” Graafstra says. In reality, even the most advanced neural interface implants do little more than talk to a few neurons. The CEO has investigated some of these claims and reported his findings. Now when someone approaches him to ask about chip-inspired voices or visions, he recommends that they see a doctor, preferably one specializing in neurological disorders.

Tiny little chip implants, via X-ray.

Credit: Amal Graafstra

The security risks

If you’re skeptical of chip implants, health issues may not be your primary concern. Hollywood movies and television shows often show tracking devices being used to hunt people in real time. But as anyone with a missing pet can attest to, you can’t actually track or find animals (or people) in this way.

Chip implants may help with identification if, for example, a pet is left in a shelter or at a vet’s office, but the chips do not have GPS installed in them. It’s not possible to magically sneak GPS cards into a device after the fact, either. Implantable devices capable of tracking would require a battery that would need recharging on a regular basis (like a cell phone). Remember, today’s implanted chips don’t even have a power source—so operational range is limited. You pretty much have to press your hand up against a reader for it to work.

A pair of circumstantial risks

Getting secure info off-site: Porter points out that RFID tags can store some amount of text data. While smuggling a flash drive into an office once is possible, bringing it in and out every day might be more difficult (though not impossible). Porter says that getting an RFID reader/writer into the office once is really not that hard. “On my USB flash drive square, I am going to have to smuggle them in and out every single day, but if I can get that reader/writer in there one time, I can then start putting data on that chip, and I can leave with nothing on me except that data on that chip inside my skin. I can put it close enough to my ring finger to where if it has metal detectors, they will always go off for my ring. They will see I have a metal ring and say, ‘no wonder it went off.’ This is a way where you can exfiltrate data from a secure facility.” Of course, there are other ways to do so, like sneaking a microSD card into and out of your office by storing it somewhere in your body or even swallowing it. And the added benefit with such an option is that a microSD card could store much more than a microchip.

Gaining access: Information security researcher Tarah Wheeler points out that compromising someone else’s badges is another way to take advantage of a chip implant in a high-security environment. An attacker could carry around a low-level security badge while having a higher-level badge cloned to the microchip on their hand, while pretending they got into an off-limits location with the only badge they appear to physically be carrying. That said, she points out that this attack has more to do with people than tech.

“Think about your phone and the battery that you need to have in that phone for it to listen for GPS satellites and communicate that location data to the outside world through a cell tower or Wi-Fi or whatever,” Graafstra says. “The device you would need to implant is going to be quite large and have a battery in it that’s going to need constant charging and eventually replacement in two to three years.”

While it’s not theoretically impossible to track an individual using their biomods, it isn’t exactly practical right now. An attacker would need to tag a person in a particular area and then build a device that can send out an electromagnetic current strong enough that it would energize the chip from a long distance. This villain would then need to outfit every square inch of a given area with a reader. There is no economic model that would make that worthwhile, especially when there are easier and less expensive ways to track someone’s whereabouts, such as CCD camera sensors or following a target on foot. We also carry our own portable tracking devices in the form of cell phones, which are comparatively not difficult to hack into. And companies can typically read work emails and track the general or even fine location data of anyone who carries around a work tablet or laptop or connects to a corporate network.

Beyond such monitoring, perhaps the other big security idea surrounding chip implants involves more traditional hacking. Much has been made of the potential security risk of a chip implant being infected with a virus. In 2010, British scientist Mark Gasson willingly infected an RFID chip in his hand to see if he could pass the virus on to an external control device. He was successful, but for the SQL injection attack to work in real life, the user would need to scan their chip at a malicious reader, and then a separate target reader would need to accept data from a key card and pass it directly to a backend database without first validating it.
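The precondition described above, a reader backend that hands tag content to the database unvalidated, is shown here next to a hardened lookup. This is an added example, not code from the article or from Gasson's experiment; the table layout, the function names, the 14-hex-digit UID format, and the sample tag content are all assumptions constructed for illustration.

```python
import re
import sqlite3

# NTAG216-style 7-byte UID written as 14 hex digits (format assumed for this example).
UID_RE = re.compile(r"[0-9A-F]{14}")


def make_db():
    """Build a constructed allow list of tag UIDs in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE allowed_tags (uid TEXT PRIMARY KEY, holder TEXT)")
    db.executemany(
        "INSERT INTO allowed_tags VALUES (?, ?)",
        [("04A1B2C3D4E5F6", "alice"), ("04112233445566", "bob")],
    )
    return db


def lookup_unvalidated(db, tag_data):
    """The failure mode in the text: tag content is pasted into the SQL string."""
    query = "SELECT holder FROM allowed_tags WHERE uid = '" + tag_data + "'"
    return [row[0] for row in db.execute(query)]


def lookup_validated(db, tag_data):
    """Reject anything that is not a well-formed UID, then bind it as a parameter."""
    uid = tag_data.strip().upper() if isinstance(tag_data, str) else ""
    if not UID_RE.fullmatch(uid):
        raise ValueError("malformed tag data rejected before reaching the database")
    row = db.execute(
        "SELECT holder FROM allowed_tags WHERE uid = ?", (uid,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed tag content, not a UID
    print("unvalidated:", lookup_unvalidated(db, hostile))
    try:
        lookup_validated(db, hostile)
    except ValueError as err:
        print("validated:", err)
    print("known tag:", lookup_validated(db, "04a1b2c3d4e5f6"))
    print("unknown tag:", lookup_validated(db, "04FFFFFFFFFFFF"))
```

Either control alone breaks the chain: the format check stops non-UID content at the reader boundary, and the bound parameter keeps whatever does arrive from being parsed as SQL.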

Hacker Seth Wahle conducted a URL attack on a browser vulnerability on an NFC chip, directing Android phones to open a link that connected the phone to a remote computer. Wahle used the Metasploit pen testing software on the laptop to force the Android device to take a photograph of him. Although he leveraged NFC technology, Wahle could have just as easily emailed the nefarious URL to his target.

Beyond these orchestrated proof-of-concept attacks is the fear of cloning attacks, specifically when implantable microchips are used in place of keys or key cards. It’s unlikely that someone would go to the effort of breaking into someone’s home in this way when they could just break a window, pick the lock, or even take a photograph of someone’s keyring. It’s somewhat more likely that someone would go to great lengths to plan this type of attack if they’re going after a business rather than an individual, and an implantable security device designed for personal use may be an easier target.

That said, it’s also possible to duplicate key cards and even increase the range of scanning an RFID chip from a distance. Businesses often tell people to put their work badges in RFID blocking sleeves or in a safe after work, but many people wear them when they go to the bar after work or keep them in their pocket. And many key cards that businesses use are vulnerable to cloning, too. Although many card systems were developed decades ago, they continue to persist for backward compatibility and because companies spent tens of thousands of dollars to deploy them. Some (such as HIDProx2 and NXP MIFARE Classic) are broken, some (such as HID iClass and NXP DESFire) are weakened and require extra steps, and only some (such as the new generation of DESFire EV1 and DESFire EV2 cards and HID iClass Seos) leverage standards-based encryption and do not have any public exploit that we know of. Weaker key cards are easier to clone, whether they’re in someone’s pocket or inside their hand.

In spite of that, one strike against biomods is that they cannot be turned off or left behind. Drew Porter, founder of the security firm Red Mesa, points out that people putting low-security employee badges in their hands are essentially always carrying their corporate badge around. This is particularly risky if their employee badge uses a low-security RFID protocol like HID PROX items. “You can’t just take it out, or take it out of your wallet or purse or take it off your neck. Now you have it with you everywhere,” he says. Not only do people have badge access on them at all times, but Porter also points out that they typically love to talk about how they use it to badge in. “As an attacker, I don’t have to do too much recon work, because if I’m at a bar and somebody has that, they’ll be screaming it all around, they’ll just be like ‘this is how I badge into my office!’ and it’s just like, ‘great. That is wonderful to know. You gonna be here next week? I’d like to buy you a drink next week,’ and then you just clone their RFID, and you have access to it, and it allows you to at least the exterior entry as that employee.”

There are RF-shielded gloves people use to interact with Faraday boxes that are a metal mesh, but wearing them is impractical, and they may not even work with lower-frequency chips. There are reader apps, like NFC Tools Pro App, which allow people to edit the data on the chip with an app, so it’s technically possible to reprogram the chip at the end of the day. This is similar to getting issued a new access badge every day, but Porter points out that this opens a business up to other risks and costs, including administration overhead and training costs, phones having company building credentials on them (possibly without proper device management), and risks such as allowing non-technical users to have the ability to make new access cards to the building for other people. Again, though, many of these risks are mitigated by using more secure RFID protocols for these cards.

A good way to maintain all of the benefits of a key card (whether it’s implanted or a physical one) without the drawbacks is to use it as a second factor by combining a cryptographic proof with a biometric option, such as a fingerprint or iris scan. Graafstra is working on developing a VivoKey, which is a more advanced product that will have a higher price tag. It is a full cryptographic platform made specifically for storing keys, doing cryptography, and even dipping into the realm of payments and bitcoin transactions. It will deploy public and private key infrastructure. The access controller will encrypt a datagram to the tag, and the private key will decrypt it and then re-encrypt it and send it back to the reader.
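Why a cryptographic proof resists the cloning described earlier, where a static tag ID alone is the credential, can be seen in a small model. This is an added example, not VivoKey's design or code: it swaps in a shared-key HMAC-SHA256 challenge-response for the public/private key exchange the article describes, and the class names, key sizes, and sample UID are assumptions.

```python
import hashlib
import hmac
import secrets


class Tag:
    """Constructed model of a tag that holds a key and never reveals it."""

    def __init__(self, uid, key):
        self.uid = uid
        self._key = key

    def respond(self, challenge):
        # Proof of key possession bound to this UID and this challenge.
        return hmac.new(self._key, self.uid + challenge, hashlib.sha256).digest()


class Controller:
    """Access controller that issues one-time challenges (hypothetical)."""

    def __init__(self):
        self.keys = {}     # uid -> key enrolled for that tag
        self.pending = {}  # uid -> challenge awaiting a response

    def enroll(self, uid):
        self.keys[uid] = secrets.token_bytes(32)
        return self.keys[uid]

    def challenge(self, uid):
        self.pending[uid] = secrets.token_bytes(16)
        return self.pending[uid]

    def verify(self, uid, response):
        nonce = self.pending.pop(uid, None)  # each challenge is single use
        key = self.keys.get(uid)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, uid + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def static_id_check(allowed_uids, presented_uid):
    """Legacy reader: the UID itself is the whole credential."""
    return presented_uid in allowed_uids


def demo():
    ctrl = Controller()
    uid = bytes.fromhex("04A1B2C3D4E5F6")  # constructed sample UID
    tag = Tag(uid, ctrl.enroll(uid))

    # Genuine tag answers the controller's fresh challenge.
    recorded = tag.respond(ctrl.challenge(uid))
    genuine_ok = ctrl.verify(uid, recorded)

    # A copy that only holds the UID and a recorded response gets a new challenge.
    ctrl.challenge(uid)
    replay_ok = ctrl.verify(uid, recorded)

    # The same copied UID presented to a static-ID reader.
    static_ok = static_id_check({uid}, uid)
    return genuine_ok, replay_ok, static_ok


if __name__ == "__main__":
    print(demo())
```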

The installation process today isn't much different from a piercing or blood test (aka, it involves a needle).

Credit: https://dangerousthings.com/

What happens when a chip becomes obsolete

With the popular key use case, some businesses may worry about employees who are fired or who leave their jobs still having implant access to the facility. But that’s not exactly how things work. Instead of programming keys into an RFID tag—the way you’d hand out physical keys to employees—doors or system RFID readers are actually programmed to allow tags to work. So if an employer wants to remove a specific person’s tag so they will not be allowed entrance into a building, they simply need to remove their tag’s serial number from the list, and the reader will stop accepting it.

From the user perspective, even if you think getting a microchip implant is a good idea and know removing or replacing it is easy, not many people want to go through that process as often as they would, say, get a new cell phone. Luckily, obsolescence isn’t a serious problem so far. Graafstra got his first chip put into his hand in 2005 (he’s not just the Dangerous Things executive, he’s also a client!). It used an EM4102 chip, which had been around for about 20 years at the time. Even now, you can buy a $10 reader that will work with that chip, just like you can take a Bluetooth headset you bought in 1999 and connect it to a new smartphone. “Technology does move very quickly, but standards and applications do not,” he says. “The idea that you’re going to get an implant and in two years it’s going to be no good is false. It’s not like a cell phone. It’s based on standard compliance protocol that essentially is going to be backward compatible for as long as the standard is supported.”

For xNTs, the data retention period, or length of time before the signal degrades enough that you can’t reliably count on that data, is 10 years. The write cycle count is 100,000 write cycles, which means that if you write something to it every day, it’ll last 100,000 days. And every time you rewrite something, the data retention period starts over, meaning that the data may be retained for close to a million years.

People who want to implant chips and antenna coils from existing transit and payment cards may have to deal with the obsolescence issue, since payment data expires and transit systems often phase out specific chip types in favor of others. But that’s different from simply programming information onto the cards.

The Future

After speaking with biohacking companies, users, and researchers, the results surprised us. Bringing up popular critiques of microchip implants often led to dead ends. It unexpectedly felt like a frustrating game of whack-a-mole.

Descriptions of potential issues in next-generation devices that don’t exist yet are often coupled with rumors of Chinese factories coercing employees to get chipped to keep their jobs or dead links to stories about soldiers or babies being forcibly chipped (many of which have been thoroughly debunked). In many cases, articles conflate the very real issues with medical devices or GPS tracking on cell phones with implantable chips. All that attention then gets coupled with vague cries for regulation.

Today, the upside on chip implants seems admittedly limited. By far the most popular use-case appears to be removing access management—replacing physical keys, access cards, or possibly even passwords—for ease of entry and minimal risk of loss. At the same time, the drawbacks of an implant right now are trivial. Many of the most alarming fears stem from misinformation or rumors, and the genuine potential drawbacks don’t look worse than many body piercings. Biohack companies present implants to be as removable as a piercing or tattoo to boot.

But is it worth it? Is carrying a key or remembering a password so difficult or potentially risky? It’s hard to speak authoritatively about future threats, but in 2018, many of the concerns surrounding chip implants come across as unfounded. That doesn’t mean current use cases justify a new addition to your body, of course, but it seems no riskier than a potentially regrettable tattoo for now.

Yael Grauer (@yaelwrites) is an independent tech journalist based in Phoenix. She has written for WIRED, Slate, The Intercept, and others. Her PGP key and other secure channels are available here: https://yaelwrites.com/contact/. She previously wrote about VPNs and Dark (UI) Patterns for Ars.

Listing image: https://dangerousthings.com/

