Biohacker shows how hand implant attacks can work

His grandkids call him ‘Robopapa.’

“They just think I’m crazy,” laughs Len Noe as he talks about the multiple devices surgically inserted into his hands.

But the security researcher with CyberArk has a serious message: we need to get ready for a future where attackers can use hidden implants to get away with crime.

Watch here:

Biohacker

Len Noe is a biohacker — a transhuman — with five devices implanted into his hands and more on the way.

“I have a smaller chip right here between the webbing of my thumb and forefinger,” he shows us in an interview with Archer News.

On the back of his hand, another. “I have this one large here which you can actually see the outline of.”

With these devices, he can do things like verify his bitcoin wallet, and scan himself into his office with just his hand, no badge required.

But he warns that someone with implants and a darker heart could scan themselves into your office, too, as well as other restricted and sensitive places.

It’s one of several implant attacks that could lead to trouble, as Noe demonstrated at the virtual RSA security conference last week.

Badge Hack

Noe’s badge hack is fairly simple. He secretly scans your badge or digital key with a small device outside his body, then copies that badge data onto his hand.

Now, with a wave, he’s in and out like it never happened. That could be a problem for sites with access to money, data, or industrial controls.

Touch payments and keyless cars may also be vulnerable to implant attacks. “The idea that I could actually steal your ‘chirp-chirp’ signal is not out of the question,” Noe said. “People don’t realize that convenience and ease-of-use typically equals less secure.”

Fl3sh_H00K

In another attack Noe calls Fl3sh_H00K or “Fleshhook”, he asks you a question.

“Hey, man, let me see your phone for something. I want to show you something on YouTube,” he says, using social engineering to grab your device.

But he’s programmed the chip in his hand to point to a special website that’s been taken over by attackers. In seconds, your phone is his to control and spy on from afar.

All you know is that you got a good chuckle from a YouTube video. Off you go, not realizing that your phone is hacked.

World-changing Technology

Noe said he hacks for good, not evil, showing companies and governments how to protect themselves.

He wants people to be aware of this new, almost invisible threat that could emerge — as more and more people bring computer technology inside their bodies — so we’re not caught off-guard when it some real-life cyborg goes rogue.

“At least people are not going to be blindsided, slapped in the face by something that could be a very world-changing type of technology,” he said.

Protect Yourself

He recommends people use multi-factor authentication, a second piece of proof that you are you, to protect doors and accounts from crooks with implants. That can include a code sent to an app on your phone or a physical key, among other options.

Noe himself is hackable, too.

He wears custom-made gloves made from special Faraday fabric to keep attackers out of his hands, because someone with destructive intentions could render the devices permanently useless. 

At that point, the implants would become simply interior decoration.

What’s Next?

Don’t fear the biohacker, Noe said. We may all become at least a little bit cyborg in the near future.

“I don’t feel that people who are transhuman should be ostracized or looked down on, because, in my opinion, it’s just the next step of human evolution,” he said.

The next big step, Noe said, is finding a way to power these in-body devices. At that point, the benefits and the threats get more complex. Be ready for this ‘brave new world’ to come.

Main image: Len Noe shows the location of a device implanted in his hand. Image: Archer News/CyberArk