Hacker Implants NFC Chip In His Hand To Bypass Security Scans And Exploit Android Phones.

The image security expert Seth Wahle took of himself from a hacked Android device, after sending it a malicious link from an NFC chip in his hand.


Going by hacker stereotypes, it’d be pretty easy to physically identify anyone committing an act of digital crime. A combination of pallid skin, hoody and laptop is the biggest giveaway. Such hackneyed images of hackers are, of course, evidently wrong, bordering on offensive. Real hackers penetrating business networks have the common sense to avoid cliched clothing and try to conceal their tools.

For those who can bear the pain, biohacking, where computing devices are injected under the skin, provides a novel way to acquire real stealth to sneak through both physical and digital scans. That’s why US Navy petty officer Seth Wahle, now an engineer at APA Wireless, implanted a chip in his hand, in between the thumb and the finger – the purlicue apparently – of his left hand. It has an NFC (Near Field Communications) antenna that pings Android phones, asking them to open a link. Once the user agrees to open that link and install a malicious file, their phone connects to a remote computer, the owner of which can carry out further exploits on that mobile device. Put simply, that Android device is compromised. In a demo for FORBES, Wahle used the Metasploit penetration testing software on his laptop to force an Android device to take a picture of his cheery visage.

He’ll be showing off the surreptitious attack at the Hack Miami conference taking place this May, alongside the event’s secretary of the board and security consultant Rod Soto. They admit it’s a rather crude piece of research, given it’s using off-the-shelf tools and a known attack technique over NFC, but claim this implant-based attack could provide criminals with a particularly useful “tool in their social engineering toolset”.
And, at a time when airlines and federal agencies are cracking down on anyone even thinking about testing the security of in-flight communications systems, implantable chips provide a clever way to sneak electronics past checks at airports or other high-security locations. Wahle says he put the chip in when he was still employed by the military and it was never detected despite going through scanners every day. “They would have to put me through the X-ray [if they were going to detect the chip].”
“This implanted chip can bypass pretty much any security measures that are in place at this point and we will show proof of that,” says Soto. 
Looking at the widespread adoption of NFC in business, implants could provide a route into various networks. More sophisticated code on the chip would increase the potential for more serious damage, especially if a zero-day (an unpatched, previously unknown vulnerability) was put into action via a chip, warns Soto.
Seth Wahle’s hand, before and after he injected an NFC chip into it.
But implants aren’t for the squeamish. Wahle says the needle was bigger than he’d expected when he had the chip implanted by an “unlicensed amateur” for $40, enough to make him want to vomit. He says he had to go through a backstreet operation due to Florida’s restrictive body modification laws. He first had to acquire the chip, designed to be injected into cattle for agricultural uses, from Chinese company Freevision (see images below for their animal products and the sizeable syringe used by Wahle). But the chip, which has just 888 bytes of memory and is encapsulated in a Schott 8625 Bio-glass capsule, is now barely noticeable, Wahle says, poking at the cylindrical object over his webcam during a Skype call with FORBES.
Implants for cattle, used by hacker Seth Wahle to launch Android attacks.
The model of syringe used by Wahle in his $40 backstreet chip injection.
There are some clear limitations to an implant-based attack, but they can be overcome through various means. The malicious Android file created by Wahle and Soto, for instance, loses connection to the attacker’s server when the phone is locked or if the device is rebooted, but having the software run as a background service that starts on boot would fix that, according to Wahle’s whitepaper on the attacks. As the rogue code has to be manually installed, some decent social engineering will also be required, though making the malicious file appear legitimate, using Google Play signatures and initiating an additional exploit to cause a forced installation, would minimise the amount of charm and cunning needed.
Kevin Warwick, who claims to be the first human to have implanted an NFC chip inside his body, told FORBES it was “good that this particular application is being tested as it gives some idea of what might be possible and some of the dangers apparent”. Warwick, now professor of cybernetics at the University of Reading in the UK, also noted the inability of security systems to pick up on the technology. “Such an implant doesn’t get picked up at airports and so on, the amount of metal in it is far far less than wearing a watch or wedding ring. Even my neural implant of 2002, with a length of platinum wire implanted was not picked up. In fact I still have some of the wires in my arm and fly regularly.”
In Miami, Wahle and Soto are planning to detail the steps hackers will need to go through to add implants to their arsenal, including how to acquire the hardware and program the chip. Could this be the beginnings of the democratisation of malevolent biohacking? “This is just the tip of the iceberg… anyone can do this,” adds Soto.

forbes.
