While many of us may regard the thought of implanting a tiny digital chip under our skin as something that’s best left to Hollywood, 10,000 humans of ordinary society do not agree and have already modified their bodies with connected bio-chip technology.
Referred to as ‘bio-hackers’, ‘cyborgs’, or ‘grinders’, these people are embracing their new technologically-bolstered bodies and using bio-chips to their advantage – whether that includes making phone calls with the swish of a hand or starting a car engine with a wave. Some have even implanted LED-fitted chips in their hands in order to achieve a red subcutaneous glow.
Many of these bio-hackers view themselves as part of an innovative and experimental community, whereas others consider themselves to be solitary pioneers of a technological revolution.
They work alongside mainstream scientists, engineers and doctors who are exploring and starting to implement connected bio-chips for a range of medical treatments and other, more prosaic, applications – such as opening the door.
Currently, a connected bio-chip is the size of a grain of rice and can carry no more than a business card’s worth of information. But once a suitable, body-friendly, power source has been developed, these little grains can be fitted with a more advanced microprocessor and will be able carry and exchange more data. This willopen up a whole world of potential applications.
However, where technology goes, the cybercriminals are rarely far behind. In order for society to benefit from this amazing new technology, there are some important, but challenging IT security questions that need to be addressed.
When do we start to introduce some kind of security standards for bio-chip technology?
Currently, self-proclaimed ‘cyborgs’ work in an environment with zero regulation. The idea of setting standards for any aspect of bio-chipping is a controversial one in the industry – with many experimentalists believing that this would inhibit innovation.
Further, the limited range of existing applications means that risk levels are currently very low, so consistent security is not a focus. But introduce an energy source, a bigger processor and financial transactions or identity checks and, overnight, security will suddenly become a top priority. Will it be too late by then?
Should encryption be mandatory?
Encryption becomes possible once a power source has been achieved. If there are no other enforceable standards, should there at least be a requirement for data encryption? If national governments want to introduce bio-chipping for identity purposes such as passports, full data encryption will be a must.
How do we protect these walking, talking USB sticks?
Having a bio-chip implant, once it has access to power, could be no different to having a USB stick with you at all times. The ability to copy, share and transfer data is convenient, and your body isn’t likely to get left behind on the train as easily as a USB. However, there are still risks involved.
Data access privileges will need to be established for bio-chip technology to prevent people from unwittingly transmitting data to the wrong place. For example, there’s no need for a doctor to see the patient’s financial records and employees may not want employers to see their health records.
As the technology progresses and connects to more devices, this question will increasingly raise concerns.
What if bodies become ‘infected’?
With bio-chips inside our bodies, ‘infection’ could involve catching a virus of an entirely different variety. Although it is not currently possible for bio-chips to be targets of malware – they are simply not powerful enough for this to happen – we do need to be prepared for the possibility.
A future solution might mean integrating implanted bio-chips into the individual’s overall IT security solution – just like smartphones, laptops and other connected devices – making it just another endpoint.
This will aim to protect the individual’s data from potential threats and reduce the possibility of human bodies becoming carriers of malware as the human host moves from one location to the next.
Where is the privacy boundary if we are connecting to everything and everyone?
Before we rush to connect bodies to devices, corporations and people, we need to pause for a moment and consider personal privacy. If people are to use connected bio-chips to track their children’s movements, at what point does that suffocate them?
If doctors use them to monitor personal lifestyles, at what point does that become invasive? If employers use them to ensure security, at what point do they have too much insight into their employees’ lives outside work? And if commercial organisations are able to access personal information, what price privacy?
Finding the right balance
It’s important to address these challenging issues now. Kaspersky Lab, for instance, has been working with BioNyfiken to do just that; to find the answers before the questions become urgent ones. Security should be built-in from the start. By the time the chip is inside you it’s going to be too late.
Sourced from David Emm, Principal Security Researcher, Kaspersky Lab