The Dangers of Microchip Implants: A Privacy Breakdown

06-08-2020 | By Robin Mitchell

The use of microchip implants in the human body has many excited about the possibility of removing the need to carry cash, a card, or every ID. However, those who wish to use an implanted device should think twice before getting the procedure done for reasons that will be discussed here.

What are microchip implants?

Microchip implants are RFID microchips connected to a small coil antenna, which is all housed in a special biologically inert glass capsule. These devices, intricate in their design and functionality, are further explored in terms of their composition in the our article what microchips are made of. The microchip can carry all kinds of metadata, including unique IDs, names, date of birth, medical information, and permissions for a facility. 

Implanted devices cannot use battery power as they cannot be physically accessed once implanted; thus, changing a battery is impossible. Instead, such devices utilise NFC technology, whereby an external reader provides the energy needed to operate the device wirelessly. This also has the added advantage that the implant is mostly a passive device; under normal conditions, the device emits no radio waves of any kind.

Photographs of RFID tags employed for tracking and identification objectives.

Photographs of RFID tags employed for tracking and identification objectives.

The intricate process of creating microchip implants, from silicon crystals to integrated circuits, is a testament to the advancements in microchip manufacturing. For a deeper understanding, one can delve into how microchips are made.

What can microchip implants be used for?

As these devices utilise NFC technology, they can be used in place of any NFC technology currently deployed. One example of how implants can be used is as an ID card; the implant can be used to open doors that the user is allowed to use, while security can use the implant to verify the identity of the user. Implants can also be used in place of contactless cards for small payments, such as vending machines, fast food, and shopping. The use of an implant for monetary use provides users with the convenience of never losing their ability to pay for items; of course, this only applies to sellers that offer NFC payments.

The evolution of microchip implants is a fascinating journey, reflecting broader developments in the history of the microchip. From their inception to their current multifaceted uses, microchips have transformed how we interact with technology.

Beyond Identification: Diverse Functionalities

The scope of microchip implants extends far beyond identification and payments. These devices are being explored for advanced medical applications, such as real-time health monitoring and emergency medical data access. In the workplace, they could streamline security processes, replacing traditional access cards. The integration of microchips into everyday life could herald a new era of convenience, albeit with necessary considerations for privacy and security.

What are the disadvantages of implanted microchips?

Using implanted microchips has a multitude of issues that relate to either privacy or safety. One major disadvantage of NFC-type devices is their ease of access, meaning that most NFC readers can provide power to an RFID system and read data from the device. An unencrypted device would allow nearby attackers (who do not require physical contact) to obtain information stored on the device. Thus, if the information is related to medical conditions and personal identity, then it would be straightforward for an attacker to clone the device.

This issue with insecure data can be easily fought against using encrypted data so that only authorised readers can obtain data. However, this brings in more issues that could arguably be worse than allowing an attacker to steal data wirelessly. The first issue arises from the fact that if authorised readers can only read an implant, then its ability to interact with many systems is severely diminished (i.e. defeating the purpose of having a wireless ID system to make life more convenient). If this is not an issue, probably because the implanted device is being used for security reasons in a research facility or sensitive area, then the user is put in significant danger from attackers. 

Such devices are generally incapable of detecting if the device is present in the correct host or if the host is alive, meaning that a determined attacker may take the implant by force. If lucky, the user may have a small incision made where the implant is located, but if not so, a limb may be removed as this is significantly quicker. The same principle applies to most biosecurity systems, including retina and fingerprint scanners. If the integrity of the biological part being scanned is not checked, then an attacker can take said parts by force. Fortunately, such an incident has not happened yet with implanted microchips due to their low usage, but this has happened to animals, including a dog whose microchip was forcibly removed for the sake of stealing puppies. Removal of the ID enables attackers to deny theft (as the ID of the animal cannot be verified). Thus, the use of the microchip caused unnecessary harm.

Security Risks and Physical Threats

The use of implants also carries privacy concerns with employees; some companies around the world are starting to experiment with implanting devices into their employees. It is feared that a company can use RFID devices to track their employees and monitor their behaviour. While this does provide advantages with regard to security, it can also be considered to be a gross violation of individual privacy and freedom. Those implanted devices cannot be turned off; thus, employees continue to have potentially exploitable devices on their persons even when away from work. Such concerns have even caused one state in the US to bring in a ban preventing companies from forcing RFIDs on their employees.

Scientist in gloves injecting RFID chip into hand of crop client in modern laboratory.

 Scientist in gloves injecting an RFID chip into the hand in a modern laboratory. 

Implanted devices also carry the risk of being reprogrammed by attackers to perform entirely different tasks than what they were designed for. For example, if an RFID allows for reprogramming, then an attacker could, in theory, use the RFID device to run malware when in close contact with an RFID reader. Such a routine could provide passwords, keys, and other sensitive information regarding itself or the system that it works with. To make matters worse, reprogramming is done wirelessly, meaning that a simple shake of the hand could be enough for an attacker to gain entry, upload the new code, and then verify. 

Ethical Implications and Privacy Concerns

The adoption of microchip implants raises significant ethical questions, particularly regarding privacy. The potential for constant tracking and data collection poses a threat to personal freedom. Moreover, the irreversible nature of such implants in employees by corporations could lead to overreach in workplace monitoring, blurring the lines between professional and personal life. These concerns necessitate a careful balance between technological advancement and the preservation of individual rights.

Should we use implanted devices?

This is a hard question to answer and depends on the risk level associated with implanted devices. RFIDs could be highly beneficial for those (such as yours truly) who struggle with remembering to bring payment cards or other necessary forms of ID. The use of implanted devices could also make it simpler to make payments and even provide medical staff with important medical information regarding allergies. However, the risks that implanted devices pose, including the lack of privacy and the possibility that an attacker will forcibly remove the device, are daunting, to say the least. It is very easy to say that “designers can simply find a way to make implants unhackable”, but the truth is that since these devices need to be able to communicate to readers, then by nature, they cannot be unhackable. Personally, the thought of a giant needle being inserted into the hand to insert an RFID device that will do the same job as a contactless debit card is not worth the novelty.

Profile.jpg

By Robin Mitchell

Robin Mitchell is an electronic engineer who has been involved in electronics since the age of 13. After completing a BEng at the University of Warwick, Robin moved into the field of online content creation, developing articles, news pieces, and projects aimed at professionals and makers alike. Currently, Robin runs a small electronics business, MitchElectronics, which produces educational kits and resources.