How I Lost and Regained Control of My Microchip Implant
I learned the hard way that information security is a double-edged sword.
The author at the exact moment he regained access to his hand. Image: Lorenzo Franceschi-Bicchierai
It was just before midnight when I made the impulsive decision that would transform me into the world’s most useless cyborg.
My friend and I had just left a free concert at the 25th annual Def Con, the world’s largest hacker conference, and were roaming the halls of the Las Vegas Caesars Hotel trying to decide what to do with the rest of our night. Then I received the fateful text message from a friend: “Biohacking village shutting down for the night, there’s a few more implants left.”
I had made a few casual remarks over the weekend about wanting to get a near-field communications (NFC) chip implanted in my hand, but every time I went to visit the booth there had been a long wait. This would be my last chance to get chipped at the conference so we decided to stop by on our way out of the hotel.
By the time I arrived at the biohacking village there was just a single NFC chip left. It felt like fate, so I forked over $50 cash and took a seat at the piercing station. I’ve gotten a few piercings before so the prospect of getting poked didn’t bother me as much as the prospect of getting a passive electronic device injected into my hand in a hotel conference room.
NFC chips are similar to the Radio Frequency ID (RFID) chips used for things like employee badges or tracking merchandise at stores, except they’re not quite as powerful (hence near-field) and allow for two-way communication. NFC chips can be used to store small amounts of information, such as passwords, contact information, a web address, or even a photo.
When an NFC chip is brought within a few centimeters of an NFC reader (most modern smartphones come with NFC capability), the data on the chip can be transferred to the reader. The way this works is that the reader generates a weak electric current that creates a small magnetic field. When the NFC chip is within that magnetic field, a small coil in the chip uses the energy from the phone to produce its own field so that the data stored on the device can be transferred to the reader.
The NFC chip I got injected in my hand was made by Dangerous Things, a biohacking company started by Amal Graafstra that has also pioneered DIY biometric guns. Graafstra has been selling these chips since he raised $30,000 in a crowdfunding campaign in 2014. The chip is encased in a small glass tube that’s a little under a half an inch in length and just two millimeters in diameter. This tube is injected into the soft flesh between your thumb and index finger just above the webbing. When you hold your hand in certain positions, the outline of the chip can just barely be seen pushing against the skin.
The actual process of getting the implant went off without a hitch, but things quickly devolved after that. The thing about NFC chips is that anyone with a reader can also write to the device if it is not protected. While this isn’t exactly a huge security threat, given that someone would have to get the reader within several centimeters of your hand to write to the chip, when you’re at the world’s largest hacker conference it’s better to play it safe.
So, at the urging of everyone at the implant station, the first thing I did with my implant was secure it with a four-digit pin. I hadn’t decided what sort of data I wanted to put on the chip, but I sure as hell didn’t want someone else to write to my chip first and potentially lock me out. I chose the same pin that I used for my phone so I wouldn’t forget it in the morning—or at least, I thought I did.
If I had a single piece of advice for anyone thinking about getting an NFC chip implant it would be to do it sober. For starters, the piercer probably won’t even give you the implant if they suspect you’re intoxicated for reasons involving consent and safety (alcohol thins your blood, which is also why you shouldn’t get a tattoo while drunk). But more importantly, you won’t wake up the next morning with a splitting headache and absolutely no idea how to unlock your hand.
I spent most of my first day as a cyborg desperately cycling through the various pin possibilities that made it impossible for me to unlock the NFC chip in my hand and add data to it. I tried all the obvious candidates—0000, 1234, 6969—and the various pins I use for other parts of my life. I tried NFC readers on various phones as well as dedicated NFC devices. I spent far too long reading about the protocols used to secure the chip, but the conclusion seemed inescapable: I had irrevocably owned myself.
HOW I REGAINED ACCESS TO MY HAND
By the time I left Def Con, I had accepted my fate as a totally useless cyborg. It is possible to remove NFC implants, of course. The process involves a minor surgery and from what I’ve read it’s really not that big of a deal. When this year’s hacking week came around, however, it seemed like a good opportunity to try to unlock my hand one last time. So I posted to the Dangerous Things forum in the hopes that someone else had experienced similar issues with their NFC chip.
Graafstra responded and said it likely had to do with the fact that I had used a third-party NFC app to set the password when I first got the chip. Dangerous Things recommends securing its chip implants using its own NFC app. After that, any third-party app can be used to add or read the contents of the implant. The problem, however, is if you use one of those apps to set up the password in the first place.
Without going into the technical details of why this is a problem, these apps alter a specific part of the chip’s security mechanism so that it can only be altered by that same app. In other words, to unlock my hand I would have to remember not only the password, but which NFC application I had used to set it.
I wasn’t entirely sure of the password that I used to secure my hand, but I had a half dozen leading candidates, so it was mostly a matter of figuring out which app had been used to protect the chip. I began by using an app called NFC Shell that allows users to issue commands in hexadecimal format directly to the NFC chip. The app had been removed from the Google Play store a few months prior for unknown reasons so I had to sideload the app onto my phone. After several attempts to figure out the password using the shell, I began trying various commercial apps.
After trying an app called NFC Tools without luck, I moved on to NXP TagWriter. I tried five or six different pin combinations, none of which worked. I was about to give up with that app when I decided to try one last pin combination—and it worked. All told, it probably took five hours of reading technical documents and trying different combinations of passwords, NFC apps, and NFC readers to regain access to my implant.
It’s a strange feeling to have access to the chip in my hand for the first time since I got it implanted over a year ago. Now all I’ve got to do is decide what to store on the roughly 900 bytes of memory implanted in my hand. Maybe I’ll put a GIF or my contact information, but a part of me wants to leave it blank. After a year of living with a totally useless NFC implant, I kind of started to like it. That small, almost imperceptible little bump on my left hand was a constant reminder that even the most sophisticated and fool-proof technologies are no match for human incompetence.