http://news.bbc.co.uk/1/hi/technology/10158517.stm
Full Version: Infected implant
That's very interesting.
To be fair, he did infect it before he implanted it. But it was a proof of concept test that such a device could be infected.
Wow, he likely got a grant for this wankery.
I would like to point out that he was not infected. He had an infected piece of hardware implanted in his body. If he could somehow infect his left thumb or his right middle-toe, without the use of any electronic device, I may be more impressed. This would be no different than him infecting the chip and carrying it around.
QUOTE (Neraph @ May 26 2010, 05:09 PM) 
I would like to point out that he was not infected. He had an infected piece of hardware implanted in his body. If he could somehow infect his left thumb or his right middle-toe, without the use of any electronic device, I may be more impressed. This would be no different than him infecting the chip and carrying it around.
True and I concur – it's actually quite a non-story but I thought others might appreciate.
Of course, even in Shadowrun people can't get infected by computer viruses, only their 'ware can.
Unless you count dissonants ...
Now, you could do a soft nanite system that is carrying a virus. That would be really close to blurring the lines, and the host's own blood would be infected by a computer virus. And IIRC, soft nanites are basically shelled bacteria/viruses, or those with "reprogrammed" DNA.
The headline was sensationalized, but that's not his fault. Yes, he put a corrupted chip in himself. Yes, he could have just carried it for the same affect. His point however is completely valid; these types of wireless setups are vulnerable since there are no filters to catch a corrupting or virus. Instead of waiting for them to become common place and have people realize that security is needed after the fact he is trying to demonstrate now how vulnerable they would be.
For example, its not hard to imagine people chipping themselves and then securing their house so that the locks are dependent on their chips (and those of the rest of the family). If someone can write a virus for these things they could simple create a chip to disable it, carry it to peoples houses, and then walk right in, as if there was no lock system in place. Not only would they be robbed blind by a corrupted chip that acted as a skeleton key, but then the owner would become a carrier; disabling security systems and who knows what else, everywhere they went. Only then would people start to think that there was a problem that needed to be addressed. This man is trying to bring it to light before its too late.
Is the headline sensationalized? Yes. However, any IT security person will tell you that a weakness will never actually get dealt with, especially in new technology, unless there is something sensationalized that get the attention of those that approve such things. Because IT security interferes with ease-of-use most of the time every IT person I know has had to struggle to get what are often simple security measures put into place.
For example, its not hard to imagine people chipping themselves and then securing their house so that the locks are dependent on their chips (and those of the rest of the family). If someone can write a virus for these things they could simple create a chip to disable it, carry it to peoples houses, and then walk right in, as if there was no lock system in place. Not only would they be robbed blind by a corrupted chip that acted as a skeleton key, but then the owner would become a carrier; disabling security systems and who knows what else, everywhere they went. Only then would people start to think that there was a problem that needed to be addressed. This man is trying to bring it to light before its too late.
Is the headline sensationalized? Yes. However, any IT security person will tell you that a weakness will never actually get dealt with, especially in new technology, unless there is something sensationalized that get the attention of those that approve such things. Because IT security interferes with ease-of-use most of the time every IT person I know has had to struggle to get what are often simple security measures put into place.
The sound of the duh is impressive.
Perhaps it's the cynical security minded IT guy in me but what I got from the article is he proved that his chip could transfer the virus to the reader system, as system I would presumed was dumbed down to allow just this sort of proof of concept to occur. The war between virus writer and security is always going but single use devices are one place where security has some serious advantages as you can literally lock them down for only limited use which goes a long ways towards curbing your vulnerability. Basically the scientist proof of concept some thing everyone already knew and presumably are planing for.
Perhaps it's the cynical security minded IT guy in me but what I got from the article is he proved that his chip could transfer the virus to the reader system, as system I would presumed was dumbed down to allow just this sort of proof of concept to occur. The war between virus writer and security is always going but single use devices are one place where security has some serious advantages as you can literally lock them down for only limited use which goes a long ways towards curbing your vulnerability. Basically the scientist proof of concept some thing everyone already knew and presumably are planing for.
QUOTE (LurkerOutThere @ May 26 2010, 10:32 AM)
Basically the scientist proof of concept some thing everyone already knew and presumably are planing for.
In my experience, many of the things that are "duh", are actually not planned for properly. Often times its because VP's, or customers, or whatever, do not appreciate the risk. I can't tell you how many times I've seen IT security people be accused of being paranoid only to later have those same bosses ask them what could have been done to prevent whatever it was they'd been warned of originally.
If measures are already being taken to prevent the kind of virus spread he's using, then great. Unfortunately, I'm not someone that is confident in "It's a duh concept, so presumably it's been dealt with," because too often it is not.
Basically it's my feeling that if they copied a device to a working production security system they would have touted it as such, the fact that they didn't to me speaks volumes.
QUOTE (LurkerOutThere @ May 26 2010, 03:16 PM)
Basically it's my feeling that if they copied a device to a working production security system they would have touted it as such, the fact that they didn't to me speaks volumes.
Hay guys! I have a briliant plan, lets test this virus onna REAL security system! Yeah? Fuck it something up good!
The joys of a test bed! Actually some security firms would trip over themselves to have academia try and break their stuff.
QUOTE (LurkerOutThere @ May 26 2010, 03:30 PM)
The joys of a test bed! Actually some security firms would trip over themselves to have academia try and break their stuff.
I would wager that's the next step. My point was that you don't test on the real deal, you test on a test setup. First you use something that is unsecure (showing virus transfer) then you up the ante.
QUOTE (LurkerOutThere @ May 26 2010, 10:32 AM)
Perhaps it's the cynical security minded IT guy in me but what I got from the article is he proved that his chip could transfer the virus to the reader system, as system I would presumed was dumbed down to allow just this sort of proof of concept to occur.
Does that same IT guy see some value in showing the masses that it's doable, rather than simply having the IT guys know it is? Personally, I think getting the idea out to (common) people that there's some serious issues with most of the tech-ID mechanisms currently in use (RFID passports, anyone?) is a good idea, even if, to the tech people, it's redundant, obvious, and involves inaccurate reporting like "man infected with computer virus."
No, because they will either A) Misinterpret the information B) Be unqualified to act on it even if they get it right. Best case scenario it causes a panic response like the woman who we ran into the other day at the grocery store who doesn't use credit/debit cards because she doesn't feel they are secure enough, but writes checks so she has her Name, Address, Phone Number, Drivers License numbers, and bank account information floating around multiple places a day.
This article won't fix the masses ignorance, it may in fact make it worse.
This article won't fix the masses ignorance, it may in fact make it worse.
QUOTE (LurkerOutThere @ May 28 2010, 11:56 AM)
she doesn't feel their secure enough
They're. A contraction of "they" and "are."
Their. A possessive third person adjective.
There. A location somewhere else.
Thanks..... i guess?
I don't get it. He had an RFID chip that had a "virus" implanted, which was then able to pass the virus along to a reader? RFID signals are usually plaintext, aren't they? I mean, this sounds like boasting that you've hacked a PHP installation after you've purposefully stopped properly escaping strings. I really don't see how he managed this without basically allowing himself to do it.
Dudes all walking down the street making every ARO they pass broadcast the hampsterdance song to everyone in the vicinity's earbuds...
Yeah I've heard of him before, he is big on getting chips implanted in poeple saying it will lead to a new level of humanity. The writer of the article is obviously sympathetic going for a 'read this' headline which is completely deceptive.
Far more serious is the risk of a wireless 'virus' affecting more modern biotech like pacemakers.
Far more serious is the risk of a wireless 'virus' affecting more modern biotech like pacemakers.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.