Examining the Risks and Advantages of Biohacking

At the Security Analyst Summit, expert Hannes Sjoblad described the potential uses for NFC implants as authenticators and transaction verifiers.

CANCUN – Hannes Sjoblad of the Swedish Biohacking Association throws a mean implant party, the latest of which was held today on stage at the Security Analyst Summit.

Povel Torudd, head of European PR at Kaspersky Lab, bravely volunteered to have a NFC implant the side of a grain of rice shot into the skin between his thumb and forefinger. The chips can be used for a variety of purposes, including as a second form of authentication or the tracking of healthcare information, and people such as Sjoblad believe implants can soon supplant things such as car keys, proximity cards and other authenticators, while also introducing additional risk to users’ physical well being and privacy.

“These implants have the potential to be used for digital logins, storage of public encryption keys, and perhaps replace all silly passwords and don’t work,” Sjoblad said. “This technology has the potential for solving these issues.”

Data collected by the tiny battery-powered APT chip can be read by a mobile app. Sjoblad, for example, has also set up in his chip rebate memberships for retailers where he shops in Sweden, his business cards, gym membership cards and more.

“It’s made my life easier and interesting,” he said.

From a security perspective, however, implanting a tracking technology introduces physical risk to the wearer. Already, with existing human implant technology such as insulin pumps, pacemakers, cochlear implants, there are risks that they can be remotely accessible, putting private data.

Complicating matters is the introduction of health care data into the equation. For example, health care monitors track volumes of personal data over periods of time, trending data that could be of value if exposed, not to mention a detriment to the user’s privacy.

Sjoblad slots usage of implanted NFC chips into a pair of categories: identification and information storage. The chips can be used to identify and authenticate the user for building entry or transaction verification, or use stored data for personalization, in a car for example, to adjust seat and mirror settings automatically for the particular user.

The saving grace for security may be the potential for this technology to replace passwords, a long reviled means of authentication that’s simply bypassed, onerous to manage and a general failure given the recent litany of breaches.

“Passwords are not human friendly,” Sjoblad said.