CodeSecDays 2024 - Join GitGuardian for a full-day exploration of cutting-edge DevSecOps solutions!

Save my spot!

CodeSecDays 2024 - Join GitGuardian for a full-day exploration of cutting-edge DevSecOps solutions!

Save my spot!

How biohacking is creating a new security threat - RSA conference Day 3

In this video, we talk about the incredible presentation by biohacker and cyborg, Len Noe at the RSA conference where he discusses the implants he has which enhance his ability to be able to hack, turning himself into the attack vector. I discuss my thoughts and key takeaways from this security threat and how it is going to change how we need to think about security. Presentation: https://bit.ly/2Ry7bV0

Video Transcript

holy so i just found out that cyborgs are real and they can hack this is probably the most terrifying revolution i've had so i'm at the rsa conference and i've just come out of a presentation by len know who is himself what he would call a cyborg and a white hat hacker and his presentation was all about how he has enhanced his body for the purpose of hacking uh fascinating talk there's a lot to kind of unpack so i want to give you my takeaways from this talk i'd love to hear some discussion because this one uh this one's gonna create some interesting thoughts i think so the title of the talk was biohacking the invisible threat as i said this was from lynn no if you're at the rsa conference watch this one uh obviously it's finished now but watch this one on the replay it's uh really really interesting regardless of what your thoughts are on this i think the talk is interesting and well presented so cyborgs are real fun fact number one so lynn had a bunch of implants primarily in his hand he didn't show us any other ones but he showed us some x-rays of implants that he had in his he had some rfid chips and some uh ncf nfc chips near field communication chips uh and yeah as i said these chips are primarily in there uh for the purpose of him to become a better hacker and i guess to kind of lead the charge of what could be this very real new security trend so in addition to the chips that he showed us in his hands he also kind of gave us an insight into where implants are actually going in terms of technology implants so it's not just you know small tiny rfi chips that kind of communicate with something it could be your key or something no you can actually get entire computers installed into your body this is terrifying because you could be using these whilst having a conversation with someone at their desk uh as linux blades and be able to kind of install malicious applications takeovers you know do a whole anything that you can do with a computer you could essentially do with your body and if you needed proximity to someone you know without being suspicious well this takes a threat to a whole another level really fascinating so the one that he talked about was the peg lead so people actually have this installed in their body they have computers in their body len uh did say that he was trying to kind of look into this but i don't think he had one installed the most fascinating parts of this talk he did three examples of actual hacks demonstrating them uh demonstrating them in front of us of how he can use his implants to be able to hack into systems now the first uh the first exploit that he kind of told us was a handshake which was essentially cloning someone's access card now i i've seen people demonstrate how they had cloned an access card into a building before i we all probably have used access cards uh before i saw kevin mitnick do this on stage at a ted talk i think it was where uh he demonstrated how he could clone someone's uh access card in their proximity but it required you know a big bulky suitcase lots of equipment and you know some time what was crazy was seeing that len could do this using just the chips in his hand and a mobile phone uh the mobile phone was important because it really demonstrated that you could just be talking to someone uh having a conversation kind of looking like you're playing on your phone a bit but actually be stealing their access to uh you know the building their offices heck maybe even their car i don't know uh the limitations of this but you know terrifying stuff he did it all within a couple of minutes and then the access chip is on his hand what's crazy about this is this is no evidence anywhere there's no cloned card there's no bulky equipment there's nothing there's nothing that anyone uh could see out of the ordinary he had a mobile phone and then some sophisticated chips in his hand the next attack that he went through was called leprosy which was hacking someone's phone using the near field communication chip that he had so he had to physically get his hands on the person's phone in this and essentially it was to install a malicious apk so apk is the android app files it didn't work on iphones but we'll see how this threat evolves but he was able to basically install an apk with an invisible icon that gave him access to this phone all the files that were on there uh being able to manipulate things seeing seeing where someone is in their proximity their location you know a whole range of different scary uh activities and this was all from grabbing the phone uh you needed to have access to the phone but once you had possession and the phone was unlocked he could install a malicious apk and the last one that he talked about was one he called fishhook which was probably the most terrifying it didn't have the most uh functionality but all he had to do was touch the phone or be very near proximity and it could open up on the web application on a web browser the beef server so if you don't know what the beef server is it's a malicious uh it's a malicious tool that exploits web browsers it's fascinating from a learning perspective of what you can do through a web browser kind of even without any permissions but in this case he was able to you know see the location of someone's phone afterwards just from getting into a near proximity of it so really uh quite crazy stuff and what's craziest is that this isn't hypothetical he showed us how he did this so if you if you get an opportunity go watch the presentation he shows you all the steps that he takes into hacking this and then the last kind of takeaway that i want to do just quickly is to touch on something that probably a lot of people are thinking legal the kind of legal aspect the morality and the ethics now uh you know i don't want to speak for it for len too much but i thought it was is very interesting len is very open about his implants and he says it in the implant community people aren't so open about it because of the reaction in the public you know and i i'm in two minds of this obviously i can understand that this you know is this a bridge too far i don't i don't know personally or is this you know what a tattoo you know what could become the new tattoo or where does this go into the future he has said that he's had everything you know the mark of the beat the religious people we've probably heard about some of this in terms of the covert vaccine people believe that this is an opportunity to implant chips into someone obviously there's going to be a huge percentage of the population that will be against this type of activity uh he's had physical threats if people are kind of scared of him he said so it's quite interesting it's not a very polarizing thing to do to your body and more polarizing to be so open about it so you know i'm fascinated what does everyone else think about this topic and and and len's talk is this where we're heading in the future is this a bridge too far uh is this something that we need to consider in security my vote is saying yes you know you don't need to be with it but you need to consider this i think that this is a real possibility as as we go down this path so let me know what you think i found this talk fascinating i recommend you check it out day three of the rsa conference