A British scientist has infected himself with a computer virus. Take a second and let those words sink in. Ten years ago, people still carried pagers, now a man has a computer chip inside of him, and it is infected with a virus to boot. The future is nigh.
Dr. Mark Gasson is a cybernetics researcher at the University of Reading in England, and in some ways he is a real life six million dollar man. Of course, six million dollars won’t get you quite as far as it got Steve Austin, a single chip will have to suffice. Gasson has a Radio Frequency Identification (RFID) chip implanted in his wrist that allows him to do certain things, such as open keycard locked doors, and operate his cell phone. The technology for this type of device has been around for a few years now, but Gasson wanted to test the security behind the RFID chips, so he infected his with a benign computer virus according to PC World.
Gasson and his group of researchers created the virus, then embedded it in Gasson’s chip. When Gasson entered the lab and the RFID chip signaled a security door to open, the system that accepted the information to make the door unlock, also accepted the virus. From there, the virus began to replicate, and any other person that swiped their card, or used their RFID chip to interact with the infected computer, then became a carrier for the virus.
The virus Gasson created was harmless, but his point was to show that cybernetic computers are not immune, and viruses can be transmitted wirelessly into the computer. In simple and practical terms, this means any hacker that could infect an RFID chip could write a virus that would give them access to the highly secure lab.
Hacking an RFID chip itself is nothing new, nor is it particularly dangerous except in terms of security, but many bionic chips are designed to help people physically. Pacemakers, cochlear implants for the hearing-impaired and neurological implants for example, could potentially face electronic viruses that become life threatening, according to Gasson.
Gasson’s experiment was designed to point out the potential security holes in cybernetic chips now, rather than later when they are more widespread. But not everyone agrees with his assessments.
Networkworld is reporting that security vendor Sophos is claiming the risk to be so minimal, that Gasson’s experiment is little more than a publicity stunt.
“Any virus code on the RFID chip would be utterly incapable of running unless a serious security hole existed in the external device reading it,” said Graham Cluley, a senior technology consultant for Sophos. “RFID chips normally just have data read from them, rather than ‘executed’, so the chances of a virus infection spreading in this fashion is extremely remote.”
While the RFID chips can accept information that may contain a virus, and that virus could potentially be transmitted between two RFID chips in close proximity, the virus would need an operating system connected to an RFID reader.
“The main progress that appears to have been made from such research is not a contribution to computer security, but a full-proof method of ensuring that university staff don’t forget their office door pass in the morning,” Cluley said. “Predictions of pacemakers and cochlear implants being hit by virus infections is the very worst kind of scaremongering.”