Your smartphone leaks. The BBC is reporting on a biohacker (not to be confused with a lifehacker) who came up with a solidly bananas yet ingenious way to straight pick your pocket of its data. The secret, if you want to know the truth, is basically dark magic buried in his skin.
Seth Wahle, a former U.S. Navy officer and current engineer at a wireless company called APA Wireless, somewhat bravely and very WTFly implanted an RFID (radio frequency identification) chip in his hand. The device holds small amounts of data and can communicate with nearby devices such as smartphones using a Near Field Communication (NFC) antenna. Using the chip, Wahle is able to steal information from phones and send that info to a third party.
Let’s just rewind that a sec: a cyborg hacker can now filch data off your phone just by picking it up.
Here’s how the hack really works. Wahle’s chip sends a signal from the NFC antenna to the device he’s holding, which then causes a pop-up to appear onscreen. Wahle can then click the link from the pop-up, installing a file that connects the phone and its data to a remote server. Rod Soto, Wahle’s partner-in-cybercrime, told the BBC: “Once I get that call back, that phone is mine, that’s pretty much it.”
But of course you're not so n00b to click any old link that mysteriously pops up on your phone, right? RIGHT. Hackers are also not incredibly obvious, so they might make these pop-ups appear as common push notifications or system updates. Wahle and Soto say it may be only a matter of time before hackers bypass the pop-up trick altogether and snatch data directly, via the phone's signal. This kind of hack could evolve to be able to intercept info from your credit cards or mobile payment methods like Apple Pay and Google Wallet.
Wahle and Soto aren’t in the business of taking data — they’re working to prevent hackers from taking data using methods as crazy as Wahle’s implant, which, according to him was injected between his pointer finger and thumb by an amateur tattoo artist turned amateur surgeon he paid to perform the procedure. Wahle and Soto are behind a cybersecurity startup called Caveo Security, which they hope will expose security risks. “I’ve done this with one technology and as technology progresses this can be done for everything," Wahle says. “The whole idea of what we do is to break something to show somebody it can be broken.” Lead-lined OtterBox, anyone?