Hacker exploits Android devices with self-implanted NFC chip

A security researcher has demonstrated that it’s possible to implant yourself with a NFC chip that will not be detected by body scanners at airports or other high-security locations, and which could be used to compromise devices inside a guarded perimeter.

Seth Wahle, an engineer at APA Wireless, implanted such a chip into his hand. Its Near Field Communications antenna can ping Android phones of individuals who find themselves near him, and asks them to open a link.

The link leads to a malicious file and, if the target installs and runs it, the phone will connect to a remote computer operated by Wahle, who can then carry out further exploits on that mobile device (with Metasploit, for example).

Granted, it’s unlikely that most users would follow a link that pops up out of nowhere on their screens, but a better thought-out attack using a bit of social engineering should do the trick.

The biggest advantage of implanted chips is that the attacker can surreptitiously smuggle them into high-security locations where all wearable technology and other devices are banned.

Wahle, who used to be a US navy petty officer, says that none of the military scanners he had to pass through every day detected the chip.

He bought the chip, which is usually used on cattle, from Chinese company Freevision, he explained to Forbes’ Thomas Fox-Brewster. He programmed it and had a “unlicensed amateur” implant it.

He, along with security consultant Rod Soto, will share more details about the whole process and the attack with the attendees of the Hack Miami conference in May.