Is infecting a human with a PC virus a big deal?

A British researcher implanted a Radio Frequency Identification (RFID) chip into his hand and infected it with a PC virus.
Written by Boonsri Dickinson, Contributing Editor

Mark Gasson claimed to be the first human infected with a PC virus.

Others grumbled at his publicity stunt.

Last year, Gasson had a Radio Frequency Identification (RFID) chip implanted into his left hand.

As part of an experiment looking into possible security risks of implants, Gasson purposely infected himself with a "benign" computer virus to show that bionic devices can be ill struck with viruses.

RFID chips are basically tiny computers. The microchips are commonly used to track items for commercial and security reasons, but experts have previously dismissed possible threats — they believed the memory of the RFID chips couldn't support a viral attack.

However, University of Reading's Gasson has demonstrated otherwise.

Normally, the RFID tag puts out a signal that lets only Gasson use his cell phone and access parts of his lab. However, after Gasson's chip was infected, he went into his lab and infected the computers that read his code.

Once the virus was in the main database, it replicated — as viruses do. And so when Gasson's lab mates swiped their card in for entry, their RFID readers picked up the virus. Wow, now that's a major security loophole.

"By infecting my own implant with a computer virus we have demonstrated how advanced these technologies are becoming and also had a glimpse at the problems of tomorrow," Gasson says in a statement.

Now, imagine what would happen if bionic implants such as pacemakers and deep brain stimulator became infected. As more machines make their way into our bodies, PC virus threats should not be ignored.

Understandably, Gasson's experiment evoked strong emotions - the situation exploited a vulnerability in a technology that is seen as science fiction rather than reality.

But Kevin Fu doesn't think this scenario is that far fetched. At the University of Massachusetts, Amherst, Fu also contemplates possible security loopholes with RFID tags.

"To me, it's not fundamentally surprising that malware could spread via an implanted device.  A computer is a computer no matter how small, and therefore can serve as both a target and carrier of malicious software," says Fu. "However, the risk could grow quickly if the tiny implants are depended upon in critical computing infrastructure."

In 2006, Melanie Rieback wrote in Is Your Cat Infected with a Computer Virus: "RFID malware is a Pandora's box that has been gathering dust in the corner of our 'smart' warehouses and homes. While the idea of RFID viruses has surely crossed people's minds, the desire to see RFID technology succeed has suppressed any serious consideration of the concept."

Vrije Universiteit's Riback created a self-replicating RFID virus — showing from just one infected RFID tag, databases around the world could be susceptible.

As RFID technology becomes more mainstream, these and other security issues will arise. However, what could possibly go wrong remains pure speculation at this point.

This post was originally published on Smartplanet.com

Editorial standards