Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Evening Standard
Evening Standard
Technology
William McCurdy

The cyborg hacker who can infiltrate your phone or office by waving his hand

A new style of agile hackers can today stash powerful tools of their trade within their own skin and deploy them at will around town. This sounds like science fiction but it’s a fact of modern life and will become the modus operandi of the spies or thieves who are already among us.

Even weirder is that thousands of everyday people already have simpler versions of these types of chips embedded into their arms to avoid carrying keys or vaccine passports.

Len Noe is a man on a mission to prove this is reality. Len, who works as an ethical hacker at US security firm CyberArk, has undergone multiple surgeries to have eight specialist security chips implanted into his body. This is partly due to a fascination with becoming “part machine” but mostly to demonstrate how these can be deployed in the wild. He was certainly able to demonstrate some startling offensive capabilities when I met up with him in London.

If you hand Len your phone — for instance, by asking to make a quick emergency call — he can use the Near-field communication (NFC) chip that is inside the back of his hand to instantly pull up a website injected with what is known as BeEF (The Browser Exploitation Framework). This will rapidly install some malicious code on your phone, giving him complete access to it.

Almost all modern smartphones have an NFC chip, which is the underlying tech that allows contactless apps such as Google Pay and Apple Pay to work. In my case, Len was able to take control of the phone in less than 30 seconds. Thankfully, iPhones are currently invulnerable to this, as they use a different type of chip, but Android owners are susceptible to cyborg attacks.

What I have is called a biosensing magnet... When I get close to a magnetic field, I actually feel tingly around my hand.

Biohacker Len Noe

Though this sort of hack is not something that the average Londoner needs to worry about (yet), Len does think that they could be used for targeted attacks by government agencies like MI5 or by large hacking groups such as Cozy Bear. This is the clear direction of travel.

But phones are merely one weak point. How about waltzing through security barriers? Len can easily copy a corporate keycard into the NFC chip in his hand. Once copied, he claims he can walk into your office building with nothing but the back of his hand as authentication.

If caught, he can’t even be held liable for forging a keycard. Though security could tell him to get off the premises immediately, it’s improbable they’d suspect anyone of using an implanted chip. Even if they did, Len highlighted US and UK data protection laws which give citizens the right to medical privacy, meaning you don’t have to disclose devices inside your own body.

Len Noe can bypass security with the implant in his hand (Len Noe)

The self-proclaimed biohacker has plenty of fun with his implants. He enjoys laughing at confused passersby after they see him paying at vending machines using nothing but his hand. By using the magnetic chip implanted near his thumb, he can float magnets around as if by magic. This is his go-to bar trick and apparently a great way to entertain children. But this too has some pretty scary capabilities in expert hands.

“What I have is called a biosensing magnet. It’s an iron core that is tightly wrapped in titanium,” he explains. “When I get close to a magnetic field, I actually feel tingly around my hand.” This means he can trace electrical wiring with his hands by running it over walls.

“If I’m on the outside of your building, and I know you’re using a magnetic lock, I can actually trace the electrical circuits and I can potentially make a small hole, pull the wires through, and then I can splice in, using alligator clips, a separate positive lead. I can then get the magnet to stop working and walk right through your door.”

But these powers do come with some risks. If somebody knows you have a credit card inside your own body, then you become susceptible to what’s known as “skimmers”,  as well as contactless NFC-based transfers, which can drain your bank account.

Using these “skimmers”, inexpensive cloning devices with names such as The Flipper or a Proxmark, you could theoretically clone someone’s credit card off their hand as they sleep.

Not leaving anything to chance, Len often wears a specially made set of gloves, made from what’s called “faraday fabric”, which protect him from electronic transmissions of any kind. But that’s not all; if he encounters a large enough magnet, his magnetic implant will tear at his skin from the inside, which is apparently agonising.

It’s not just hackers who are having these type of chips inserted under their skin. In Sweden, 6,000 people are said to have had their vaccine passports implanted into a hand, and many start-ups pay for employees to have chips implanted as a replacement for an office keyfob.

A British-Polish startup called Wallet Moor now enables people to implant an NFC chip into their hands, for the relatively affordable price of roughly £200. This will allow consumers to swerve the traumatic but all-too-common experience of being without their phone or debit card in an emergency. Last summer, an American man named Brandon Dalaly had the keys to his Tesla implanted in his hand, using tech supplied by a start-up known as VivoKey.

Biohacker Len Noe (Len Noe)

If you’re feeling adventurous enough to consider this, Len did reassure me that the tech has come a long way since the first chip implant was performed in 1999. These surgeries typically take under 20 minutes, and though you can definitely tell there is something external in your body, it doesn’t feel more serious than having your ears pierced. At least, that’s what Len says.

Then again, he’s currently looking to undergo an operation to get what’s known as a peg leg. This procedure would give him a miniature computer, similar to a Raspberry Pi, in the upper part of his leg. The device would expand his current capabilities — giving him a portable wi-fi hotspot — and yet this procedure has landed many in the hospital, with the metal poisoning from the device’s lithium-ion batteries forcing them to have emergency life-saving surgery.

Even though the idea of biometric identity verification or contactless payments could persuade some Londoners to go down this road, it will be a fair while before the idea of replacing your Oyster card with an implant starts to trend.

Aside from the risks and costs, there’s plenty of stigma around getting implants for anything less than a complete medical necessity, such as a pacemaker. Len says people routinely tell him that he has the “mark of the beast” and even his friends hide their phones around him.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.