Chip Implants Raise Security Concerns

Could Microchip Implants Increase Fraud?

There may come a day, a generation or two from now, when stories about the data breaches and other hacking threats faced by payments and commerce operators in 2018 seem quaint — or, at the least, like relatively primitive foreshadowing of a new type of digital criminality.

It’s no big news that microchip implants are part of the future of humanity. It’s already happening, of course, albeit tentatively.

Consider the Wisconsin workers whose employer offered them the chance to embed chips to buy snacks, gain access to physical spaces and computers and other tasks.

And this October, news emerged that “thousands” of people in Sweden have also had microchips inserted in their hands — the brief process involves a chip about as big as a grain of rice, a syringe, a bandage and a bit of pain that participants have typically described as a mild sting — for home, office and gym entry, and for storage of emergency contacts, social media profiles, digital tickets and other data.

The payment and commerce opportunities of such technology is obvious, and the wearables market is helping to guide the way toward the potential (likely?) mainstreaming of chip implants.

So far, confidence is high among implant backers that the chips are safe from hackers, even though more neutral observers have taken more skeptical views, warning that criminals likely will find a way to steal the data on such chips — data that includes not only payment information, but also intimate details of that person’s health and identity.

Implants Rising

There is another emerging area of concern that goes beyond these recent moves with hands and limited numbers of people.

The use of implanted brain stimulation devices in patients is a growing area of medicine, used to treat such disorders as tumors, Parkinson’s disease and depression. As a research report released on Monday (Oct. 29) by Kaspersky Labs and the University of Oxford Functional Neurosurgery Group noted, the technology is quickly gaining ground. “The latest generation of these implants comes with management software for both clinicians and patients, installed on commercial-grade tablets and smartphones,” the report said, adding that the “connection between them is based on the standard Bluetooth protocol.”

But those gains come with fresh concerns about digital security.

Those devices are not the microchips from those programs in Wisconsin and Sweden — nor, of course, the chips implanted into pets. The brain devices are more complicated and larger than those chips, but the common point is that, like the chips, the technology is implanted in a human being to facilitate a variety of tasks, which in turn requires the storage of sensitive data that needs to be protected from criminals.

Memory Technology

Brain implants are developing to a point that would still seem like science fiction to many — and will almost certainly have impacts on the exercise of payments and commerce. For instance, “memory implants are a real and exciting prospect, offering significant healthcare benefits,” added Laurie Pycroft, doctoral researcher in the University of Oxford functional neurosurgery group.

Such implants can have a variety of uses that include treatment of people (including soldiers) with traumatic brain injuries, or those suffering from Alzheimer’s disease and similar disorders.

But memory implants will also present a variety of opportunities for cybercriminals. Those “could include the mass manipulation of groups through implanted or erased memories, while ‘repurposed’ cyber threats could target new opportunities for cyberespionage or the theft, deletion or ‘locking’ of memories (for example, in return for a ransom),” according to the Kaspersky report.

The report predicted that “commercial memory-boosting implants could appear on the market” within a decade, and that “within 20 years or so, the technology could be advanced enough to allow for extensive control over memories.”

Security Vulnerabilities

The main areas of security risk?

According to the report, there are vulnerabilities and holes in the “exposed connected infrastructure” for those implants. Already, “researchers (have) found one serious vulnerability and several worrying misconfigurations in an online management platform popular with surgical teams, which could allow an attacker to access sensitive data and treatment procedures.”

Risks also come from “insecure or unencrypted data transfer between the implant, the programming software and any associated networks,” the report said. How criminals might exploit that veers into the nightmarish. “Manipulation could result in changed settings, causing pain, paralysis or the theft of private and confidential personal data.”

And as is the case with other forms of hacking, data theft and fraud, danger can always come from the inside, or what the Kaspersky report called “insecure behavior by medical staff” who could access private patient data for criminal purposes.

In the world of payments and commerce — whose operators vacuum up so-called Big Data and run all that information through increasingly sophisticated algorithms to all but predict what a consumer will buy before he or she even knows it — there is an increasing bond between the technology and the individual subconscious. At the same time, machine learning and artificial intelligence are taking on more responsibility – not only to prevent fraud, but to spot well-disguised global fraud networks before they can do too much damage.

Now, with human biology becoming more intertwined with chips and other digital technology, there will come new threats, the nature of which will no doubt be much more intimate than is the case now.