Biohacker: The Invisible Threat

so next type we have lenoire who is joining us from texas the united states good morning foreign [Applause] i'm very excited about this uh this talk very curious about it so yeah you can take it from there appreciate it thank you christian first of all uh just wanted to say thank you guys for allowing me the opportunity to speak this is going to be a really fun fun talk today my talk is called biohackers the invisible threat uh my name again is len know i'm part of the cyber arc uh corporation i'm one of their global solutions and part of their global domain solutions enablement team i'm one of cyberarks white hats i'm also a global security speaker and

i've been with cyber art now for going on eight and a half years i've been in it professionally for over 26 years in roles ranging from programmer to systems architects i've been also breaking into computers since the commodore 64 days and spent a really large amount of my time in my youth as a black or a grey hat hacker i am professionally trained as well as come by a lot of my knowledge through practical application i'm really really active on social media and i invite everyone to reach out over linkedin and check out my github and my youtube channels for additional security related content so let's get right into it so i wanted to start today by asking a

very simple question what does a cyborg look like when you hear the word cyborg what comes to mind maybe a terminator star wars you know quick shout out to my the previous speaker i'm all about the sarlacc pit or star trek anybody who knows the definition of a cyborg would probably have some vision in their head and i'd be willing to bet that it's all shiny and to some extent robotic looking well i hate to pop your bubble but that's just not the case anymore guys cyborgs are not only on the movie screens they walk among us and you may be friends with one and don't even know it these are my hands i'm a biohacker in the truest sense of

the word i am not only an augmented human with microchips in my hands but i'm also a white hat hacker i'm a hacker that has modified my body to take advantage of the available technologies to turn myself into the attack vector i'm going to explain what my current chips are as well as giving you a road map on what i'm looking to do to continue my journey to become more than human so as i said the x-rays above these are my hands and i have the following capabilities with my current implants i have a flex next this is a long range nfc rfid reprogrammable chip i have a next chip it's the same as the

flex next much smaller range i have a flex m1 magic this chip allows me to emulate any number of older access cards from public transit to membership tokens to physical access i have a vivo vivoki spark2 this is a cryptobionic chip that can perform strong cryptographic functions and since the time this x-ray was taken i actually have two additional implants i have a flex em this allows me to emulate most of the popular physical access cards including prox prox2 hid indala pyramid and just a ton more and i also have a titan biomagnet this is a biosensing magnet that's been placed in my pinky and this allows me to actually feel electromagnetic currents so augmented humans are not science

fiction we're here we're not going anywhere and as the technology continues to evolve so will we so i've broken this talk into three parts yesterday today and tomorrow i'm not going to spend a lot of time on the history of who we were just enough to show that the biohacker or transhuman is just the point where science technology and humanity meet so the idea behind implanting technology inside the human body's been around since the 1950s the patent for the first cardiac pacemaker was submitted in 1952 and was the size of a table radio this was not fully implantables and actually required leads to be connected to the external power source with the advent of the transistor in the

night the mid-1950s the ability to construct a fully implantable device was achieved in may of 1958 the first implantable technology was actually placed inside of a test subject animal the first human to receive an electrical device implanted in the body was in buffalo new york in 1960. the tech up to this point was pretty static and didn't allow for much in the way of conditional executions or modifications from the original programming 1964 gave host the first implantable technology that can take data from the body itself throughout the 70s and 80s there were some advancements but nothing that would really set the world on its ear 1990 is when things really started to pick up for the implant community

from the creation of smart devices all the way through to artificial intelligence where that is now today commonplace for biohackers our history was forged by the medical profession to address deficiencies of the human body from a reactive perspective by that i mean that the issues were already there additionally there were no options for an individual to enhance themselves through technology so who are we today people like myself are referred to by many names biohacker grinder transhuman regardless of what name you want to put on us we all share the concept of moving beyond the human form that we were born into the term transhuman was actually first coined by julian huxley in the movement he created was fueled by

multiple people looking to extend the capabilities of the human form so where do you find implantable technologies the same place we find everything else the internet now there are multiple implant manufacturers from to choose from i personally work exclusively with dangerousthings.com i do not get a kickback from these guys but i typically get asked where do you get this type of stuff so i'm not trying to you know advocate for these guys do some research these are just the guys that i use you know these are just some of the types of implantable technology that are actually out there and available right now we have magnets both lifting and biosensing we have flexible you know

uh nfc we have flexible uh rfid we having clap encapsulated nfc and rfid and encapsulated leds for those that want to go out and have a really fun night at the club and there are multiple variants within these categories to address specific requirements i'm not going to go into the procedure on how we install the implants let's just say there are needles or scalpels involved based on which implement uh which implant that you want to actually have done and if you're interested in more information about that please get with me after the talk i would be happy to go through it as deeply as your stomach can handle so these devices were designed to make

people's lives easier we have the ability to start our vehicles with implants imagine never losing your keys again or how many people have fobs for access to a gym or a shared garage or a storage unit what about being able to pay for goods and services the same way that we use with apple pay or the android wallet but you never have to worry about forgetting your phone every one of these activities constitutes a legitimate use case unfortunately not all of us are friendly as security professionals we need to start looking beyond what we're comfortable with beyond the normal attacks that we've heard about for years the attacks in the end game may not have

changed but the delivery methods have come right off the movie schemes and into our company's infrastructures and data centers security admins know that the normal attack vectors of usb drives phishing cves the list can go on forever but how do you address the fact that any one of your employees could potentially have a full linux distribution to nfc or rfid chips beneath the skin what if someone implanted an hid or a proximity access chip there would be no evidence or indications of compromise to the naked eye for someone in a restricted area for physical access chip implants utilize the same technologies that enterprises are using rfid for door badging nfc for iot my favorite hid proximity cards for

physical access and this is just a few with the number of regulations and audits that companies are required to do for for compliance how would you know if somebody's bypassed your security policy and brought a rogue asset into your environment the simple answer is you wouldn't the peg leg is a single board computer that has been modified to a minimalist form factor with a wireless charging receiver and then encased in biopolymer and implanted in the body this is on the outer edge of extreme even for most biohackers this is not a simple process and making sure that the sbc is completely sealed has caused a number of individuals that have attempted this implant to require emergency removal surgery

this still doesn't stop many more including myself from trying to get one of these things implanted these devices have a have wi-fi as well as bluetooth capabilities and can be accessed over ssh from a mobile device this would allow a bad actor to have access to binaries or even something as widely known as responder they can be made into rogue access points as well as command and control servers the possibilities for a concealed linux system are only limited by the imagination of the attacker originally intended to act as a logless file transfer drop the peg leg was originally designed to leverage the pirate box software however as with anything in technology the technology space people took that

simple idea and had branched out into even more creative or devious areas based on your perspective full linux distributions have been implanted these devices are headless like i said but do have access to that wi-fi access point configured to allow access to the implanted device once connected the attacker has access to the terminal for interactive processes or can be set to perform non-interactive scans and sweep for low energy bluetooth that could be utilized for an attack like blueborne or working in conjunction with a usb share application like virtual here an attacker could execute mouse jacking attacks and inject automated payloads with tools like jacket all while standing and having a casual conversation right there at your desk

the total number of peg leg implants is really not widely known because this was very much a computer a community based project however the fact that there's at least one individual that has this ability should be more than enough case for security admins to take notice let's take a moment just to think about this how as security professionals can we regulate secure locations if people have the ability to conceal full computers within the body this becomes an even greater challenge for companies and governmental agencies who may require elevated clearance to access files or physical locations this essentially removes the power and control from the security authority by obfuscating systems that can be leveraged for nefarious purposes

so let's continue with our first attack vector this one's going to be around the issue of physical access any company will have restricted locations on-prem whether that be executive offices to supply rooms to server rooms the need to keep access restricted in some locations is just a part of doing business i'd be willing to bet that there's a large number of number of people in attendance that have some type of badge on a lanyard possibly i'd even be willing to bet that uh a lot of people out there would feel that that type of a badge and reader system is an acceptable risk from an audit perspective and as such should appease your c-level exacts to the fact

that your physical locations are secure i really hope nobody here besides believes that you know let's think about this how many of us are spatially aware to the point where if we were talking to someone like me would you notice if i pull the small tool like a proc smart chameleon mini and was able to read your access bed which while we were talking i get it all the time there's no way that somebody would be able to do that to me i hope you're right i have countless case studies that involve cloned access badges the act of cloning access badges is not new the technology has been commercially available for over a decade what makes this attack vector different

is there's no evidence of the breach unlike the old days when an attacker would need to have a copy of the clone key or a battery pack for the prox mark to replay the scrape data now attackers can write this information to a subdermal implant and proceed with no way for a security professional to know how or what they access the systems and how the systems had actually been compromised so let me introduce the first attack vector that we're going to be talking about today this one's called handshake handshake is a clone replay attack it utilizes a tool like a prox mark to read the data contained on a card or a fob and then can store that and rewrite that

tag information into another tag in this case it's going to be the tag implant in my left hand so let me show you what this looks like in real life so we're going to start off here with my my mobile device i'm going to open up the proxmart chameleon tool and we're going to go ahead and i'm going to scan my badge and yes that is my badge and yes i do look like every piece of hacker clip art that any of us have ever seen so very quickly we can see that this is a myfair classic card and i'm able to import all of the uid and all of the sector information now keep in mind all of this can be done

while i'm standing there so as we can see here i'm going to go ahead and give this one a friendly name i'm going to call this lens badge or lens id i apologize once we have this now we're going to go ahead and we're going to scan my hand

so we go ahead and we use the proxmart mini again and scan the chip that is actually in my hand we're now able to import a new chip new uid now for the purposes of this demonstration i wanted to show just how widely available and how broad sweeping these types of things can be so we're going to actually rename this one to implant [Music] and now that we have both of them i'm going to go ahead and i'm going to upload these to a cloud storage so that i have copies of them off-site and then i'm going to pull them down into a new application on the mobile device so we're going to get them out

of the proxmark tool save them up to google drive and then we're going to redownload them and we're going to import them into the myfair classic tool on my mobile device so my fair classic now we're going to go ahead and we're going to import the dumps from the original two scans one from my badge one from my hand so real quickly here we go in one import now let's go ahead and let's import the second one and the next thing we're going to do is we're going to do a diff and we'll notice that sector 0 line a there will be differences between the two as well they should be they're not the same they're not identical they're

not cloned so let's go ahead and pick the implant first then we're going to choose my id second and we're going to run the diff and we'll see that sector 0 line a is different so now we're going to go ahead and we're going to write the card or clone we're going to select my id and we're going to write this back down to my hand now certain chips have this ability certain chips you would need to utilize a different device in order to do this again multiple different chips are available for different functionality and different use cases so just like that we write the tag now let's go ahead and let's go ahead and scan my hand and let's do another

diff so new tag found start mapping and now that we've got that we're going to go like i said we're going to go back into the proxmark tool go over to slot 3 and now we're going to scan my chip again in this case we're just going to do it the easy way by clicking the button and just like that successful we have a new uid we're gonna name this one implant two just for friendly names and keep so that way we can keep everybody on on the same page and now we can go ahead and we can do a diff again and we will see very quickly that the sector 0 line a now

matches with the original scan from my id at this point i would be able to compromise any physical access that doesn't require a shield or a secondary factor code in order to to access physical locations that is our first attack vector this would provide no indications of compromise if i was to be discovered in a restricted location so moving on into our next attack vector we're going to be talking about nfc or near field communication this is an amazing technology that many of us have in our pockets right now every android device has full access to transmit or receive nfc data apple's a bit more complicated to explain functionality with ios 11 iphones 7 and 8 and x can be used to

read nfc tags iphone 6 and 6s can be used to make nfc payments with apple pay but has no ability to read standalone nfc tags apple at this time only allows nfc tags to be read via apps there's no native support for native reads i can almost hear all of the iphone people out there cheering you get a pass for now i've not heard of anything on the roadmap for iphones but as the functionality continues to be adopted for industries involving iot i have to believe that apple is weighing the security concerns of native access very carefully so like i just stated standard nfc utilization can be almost anything from beaming a file to a co-worker or a

friend to using a fob or an app to transmit a signal to a receiver to allow some action to take place here's where it gets interesting nfc gets its power from the receiver there's no internal power required to be able to keep a loaded tag and waiting the implant that i'm going to be using for this first attack is going to be that flexness that flexnext that really large nfc rfid chip i will be showing two different attack vectors that exploit nfc the first one i call leprosy the second one is called flesh hook same protocol but a much different payload so leprosy the first attack leprosy this attack may not always work as there are a few

conditions that need to be met in order to execute properly nfc must be enabled and allow apps from unknown sources must be enabled under the developer's tools at this point it's a matter of social engineering a situation where i can get my hands physically on your device i know i know i never let my cell phone out of my sight i don't need it on your site this attack as well as flash hook are designed to be performed in plain sight and actually standing right next to my victim i don't think it would be a large stretch to assume that if we were in the same place together and i was to make some kind of scene about an issue with

my wife or maybe a daughter or a granddaughter and i was pleading for somebody to help me make a phone call i know the good samaritan someone would be there to be my victim we all have a built-in control and try to avoid conflict as well as not wanting to be viewed by our peers as uncaring as an attacker i know this and will do everything in my power to take advantage of it once the phone or tablet is in my hands the receiver in the device will pick up the tag i have programmed in my hand that is pointing to a web location containing an infected apk that was created with msf venom anybody not familiar with that it's part

of the metasploit framework and is used to create connections back to a command control server so i've gotten the device in my hands the chip is prompted to either install or save the file i go through the motions of what appears to be making a phone call what i'm actually doing is loading the apk then quickly returning the device back to you this attack will provide persistence as well as a hidden icon so the owner would never be able to see anything out of the ordinary as well as not being able to find anything in incriminating within your applications list what if this was a work phone what if this was the device you do your

banking with in this scenario i'm already in your phone before i've even left the room from the meta metasploit server i can gain access to the contacts emails photos downloads essentially anything that's on that device all right so now that i've explained it let me show you guys what this looks like just to set everything up for y'all the top window is my end rock session for obfuscation and the bottom window is going to be where i'm going to be executing my metasploit attack so we start off by launching metasploit and said i've already got a resource file so we're going to go ahead and we're going to just load up leprosy via ngrok and

exploit from here i want you to pay close attention to how fast this happens oh my gosh i need help somebody help me please you know i need to make a phone call that's it that fast on the screen you'll see how quickly i can actually pull this off all i need to do is say download you know all the while i can make it look like i'm trying to remember what the phone number is by this point i've already got it down we click install we agree to the installation block by play protect but i don't want it blocked so i'm going to go ahead and actually open it anyway continue main activity done

that's all it took i can hand you your device back and go about my business at this point if we can see from my interpreter session i now have one open session if i do assist info i'm on an android 10 device i can dump the call log we can dump sms we can even pop a shell and start navigating the actual directory structure of your phone there's all 505 sms messages now we've got the ability to navigate through the system [Music] so that is going to be our first attack now again this one does require a little bit of social engineering in the hope that there's actually the ability to enable those unknown sources

for the final demonstration today i'd like to introduce flesh hook in this case i programmed the chip on my hand to point to a very specific website that's been compromised with the beef suite beef is the browser exploit frame extension framework this infects or hooks the browsers of any devices that it connects and allows remote code execution as well as persistence through the beef suite the attacker can enumerate the local land the device is connected to as well as execute advanced phishing attacks executed on the device itself again this requires a little bit of social engineering but as we just talked about that shouldn't be a problem what makes this attack more dangerous than leprosy is there's no need to

install anything along with the fact that most mobile devices have some type of web browser pre-installed nfc in a browser are the only requirements for this attack to work so let's go ahead and let's take a quick look at it so we start out we go ahead and we launch our beef suite now again i'm not going to be focusing too much on the beef sweet exploit post-exploitation my point behind this talk today was to show how the human being can actually become the attack vector so we'll walk through the steps of the attack for the purposes of you know transparency but we're not going to dig too deep into the post exploit so we go ahead and we launch our beef

suite and you'll see that currently we have no online browsers so at this point let's go back again all i need to social and do is social engineer a situation where i can get close to that phone in this case i've actually made a duplicate of the putty website which is actually in a clone that gives me access within the beef suite so as you can see that quickly now i have a hooked browser at this point i now have access to all of the modules contained within beef so we can actually go ahead and navigate and use some of those modules and within the current browser getting geolocation uh and yeah we're going to do this just for

the sake of argument to show that i am connected and it's going to return a location here in very close to me the uh which would probably be the actual hub location and it says as you can see here it says name texas city flugade and now if i get the network connection we can just bounce around in here a little bit any of these commands would be available within the suite and once the initial connection has been made there's nothing to stop the attacker from utilizing any one of these so let's take a few moments just to talk about where we're going and what will we become when we talk about the future of

implants is it if we're trying to write some new science fiction movie companies like tesla are working on technologies like the neural link a brain implant that will allow interfacing between the brain directly to a computer system this sounds like a man-in-the-middle scenario just waiting to happen products like the will it a bluetooth receiver that requires no batteries and gets its power from the air and we all know that bluetooth is really safe right ever heard of blueborne imagine if that attack could jump from person to person or what about implantable wi-fi transmitters there's a product in development called the neurobrain nobody's ever been able to compromise wifi networks what if your next-door neighbor was the wi-fi net mesh network

that you're compromising these are just a few that we know about currently the biggest restriction to advanced technology and implants is the power source there's not currently an effective way to provide clean power for any devices on a commercial implant this is the same issue that we saw with the peg leg and the need for the indirect fast charging receiver it's not always the computer technology that needs to catch up in this case the only thing that's holding back progress as i said is power once that's been addressed the possibility of 24x7 access to an embedded system in the body is really not a far stretch i want to take a moment to talk about

just the legality morality and ethical issues around implanted technologies from and i'm going to speak only from the uh united states perspective from a legal perspective there are no federal laws within the u.s regarding microchip implants at the state levels you can see from the graphics there are multiple states that have adopted different types of legislation there's essentially two types of laws that have been passed here in the us around microchip implants one is mainly focuses around employers and one that's very general the first one is a ban that employers can mandate employee microchipping for time cards or any type of business purpose the second law is just a general ban on microchips period let's talk about liability from an

employer's perspective if an employee gets chipped does that in and of itself make that employee a security risk what if they're just using the chip to access a gym or a garage and has nothing to do with the company but that chip could be used for in an offensive manner would that be something that a ciso would want to know we allow employees to bring personal phones to work excluding the restricted areas but detection is really a lot more obvious much of our current legislation here stems from a push to replace access badges with implants for physical security but as that may help from a i lost my badge perspective it doesn't enhance the security posture for a

company remember implant chips at this point are static they require a reader or a power source to be able to function now just like with the handshake attack bad actors could use those same tools and scrape the targets implants information the same as if it was a physical card the one main difference is that you can take your your access card and lock it up at home when you're going out on the weekend to go party if you've got an implant they are on all of the time if there's a receiver within range they will read that chip there is no current off switch and as such attackers would then have 24x7 access simply by getting close to your your

physical being when the concept of morality and ethics come up the topic of faith has typically has come into these discussions first i want to take a moment to say that i'm in no way trying to be disrespectful to any religion or faith and i'm only speaking to questions that i have personally heard as an international speaker i've had discussions with people all over the world about my implants the discussions typically go in one of two directions mostly it starts with fear from whoever is talking to me i've been told that i have the mark of the beast i've been told that i'm being tracked by the man i've even been asked if this is the same

chip that people have in their dogs or cats all of these conversations are driven by the fear of the different or the unknown i've had acquaintances tell me that they are physically afraid of me due to my implants i don't really know what they're afraid of it's almost as if they think i'm going to turn into a terminator and go on to go on some kind of a rampage the truth is that there are more people out here like me than you could imagine the difference is i don't have a problem with people knowing who and what i am many others like me keep their implant secrets over the concerns of the social stigma associated with microchips

the decision to augment ourselves should not hold any weight in regards to the issues of faith or morality provided that the decision is still left with the individual and not a mandate from any type of authority like i said earlier not all of us are friendly but most of us are finally how far is too far we briefly touched on the tesla neurolink and the peg leg these are two very different products with broad sweeping ramifications for the individual as well as the employers in law enforcement i remember a movie from back in 1995 called johnny mnemonic where the lead the lead actors had has a hard drive in his brain and it's used as a storage

device by a courier for stolen data or the matrix where we learn a new skill just by uploading the information the instruction set and then we have it you know the genie's out of the bottle and there's no way that it's going to go back in as technology continues to advance and improve the quality of life we need to remember that any tool regardless of what its original intent was can be misused as security professionals we need to be aware of this and adapt our countermeasures to include these new attack vectors the fact that there's nothing unilateral across the board as far as legislation within the united states or europe to the best of my knowledge

this becomes a corporate decision on how to address shipped employees without a better understanding of the technologies being discussed these choices may be made for the wrong reasons to say anyone with an implanted technology is an automatic threat would be like saying that any car owner is a potential vehicular manslaughter suspect so i want to give you a couple of takeaways in the next couple of weeks audit your contactless protocols for vulnerable technologies if there's anything at all know what it is within the next three months take you should have a really good understanding of the scope of your vulnerabilities as well as starting to evaluate and define the addition of new security protocols to add a second

factor to your contactless configurations and within the next six months we should be at the implementation stage of that second factor this will remove an attacker's ability to compromise access with only tech excuse me uh written tag information and i wanted to take just a moment to talk about some of the mitigation strategies around both nfc and rfid you know look into switches switches require both the rfid tag as well as a code to be entered into a keypad essentially contactless mfa lock passwords this is a 32-bit password which must be transmitted before the tag will transmit its data utilizing this will take care of skimmers basic access control the reader must supply a specific key before the tag

will reveal any personal information blocking potential skimming mutual authentication in this process the sensor will send a line of code to the tag which will decipher it using the key which is known to both entities if the tag is successful it can send then send a line of code similarly deciphered to the reader once both the tag and the reader are certain that neither is an imposter they can transmit their data this method prevents anyone from stealing any data from that tag let's take a minute to talk about nfc the most important advice in regards to nfc if you're not using it turn it off stay on top of patch management as manufacturers update firmware be

vigilant in staying current education educate your employees that about the fact that nfc is a non-secure protocol at its core and utilize blocking shields for tags when not in use and just to prove the the seriousness of the idea of blocking shields i actually had faraday gloves created for me to be able to put on my hands to shut my tags off so that is about all i have today uh i do have a few minutes left as far as i can tell i think uh so i will be able to take just a couple of questions finally i wanted to provide just my information one more time uh i'd like to say first and foremost

again thank you to the b-sides barcelona for giving me the opportunity to speak and i hope that you found this presentation educational as well as entertaining so thank you very much and i'll i am open to questions at this time thank you very much len that was very interesting and this is like mind-blowing the first time i i heard about this and so far like we don't have any questions on the q a but i do have questions uh and i can't for some reason soon does not allow me as a host to ask on the q a so uh i get the time to to ask them here so my first question is around the maintenance

of the implants like what is it like do you have to patch your implants from time to time no no they're static tags so they essentially just are in a static state uh there hasn't been any firmware type of updates to them uh if there are then i would be definitely staying on top of that but at this point they're just passive tags that get all power from the reader and you know like i was saying earlier you know i do i added the biosensing magnet this one is not a lifting magnet this one if i get actually close to magnets or large motors i can actually feel the electromagnetic current from a physical pen testing perspective

if we're dealing with magnetic locks on the outside of a building that gives you the ability to run your hand over the walls to locate where those electric lines are that would be going to that magnetic lock at which point then you can try and do some type of interruption of service to that to bypass those locks so yeah everything on me all of my implants are for the sole purposes of offensive technology cool cool uh so another question is like as i said this is like the first time i heard about it so i'm curious if there is uh any type of books that talk more in depth about all of this to be honest i'm the for the best of my

knowledge i'm the first one of us that's actually come out and spoke on these topics in a large forum there are quite a few open testers that i do know personally that do have implants for the purposes of red team exercises and physical penetration testing but to the best of my knowledge back uh i did i've introduced this topic at rsa this year this last february in the u.s but i do believe i'm one of the first uh there's an amazing you know again i don't get a kickback from dangerous things but they are probably one of the best commercial grade implant manufacturers their forums are some of the most knowledgeable if this is something that

anybody even finds remotely interesting i would highly suggest just go over there join the forums you don't have to be a transhuman or somebody with an implant to join but they're very friendly very open and we can you know if you have any questions we are more than welcome to answer them everything from uh you know you know what what type of answers to give potential zealots about being implanted to how do you secure your implants at places like def con or black hat you know it's it's a great resource for anybody that's into the implant technology and contactless bio human transition interesting thank you so much questions is when you decide like you want to build

one of these implants like where do you go do you go to your doctor and tell us like i need you to implant this on me um i i know that there are some people that have gone to doctors to have them put in here within the in where i live we actually have body modification parlors that do body piercings and brandings and uh that my all of my implants were actually put in by uh my body modification expert his name is actually pineapple shout out to pineapple at shaman tatsu her shaman modifications here in austin texas uh but if you're interested in something like this one other thing that is on the dangerous things forum is a

installers forum and there are different people in multiple countries around the world that actually do do the implants because it's definitely not something that you would want to go to someone that has never done it uh unless it's one of the glass encapsulated implants that just comes in a preloaded large gauge syringe kind of like you would expect with a like a body piercing and it's just injected any of the flex series do require scalpels dermal elevators stitches and it's it is a minor surgery so again if that's something you're interested in definitely check the the installers list off the forums to find somebody that is knowledgeable in this processing procedure awesome thank you for the for that and

my last question i believe right here is about the off switch you mentioned that there is no off switch right now so that kind of two questions like one is why uh is there like any is there like a some kind of blocker that does not allow to have something yeah yeah the reason like i said right now we have no ability to power any type of commercial grade implant internally so your rfid nfc all the chips that i have and i would say pretty much all the chips that are out there on the market today i mean there's there's a really cool one that just came out in the uk it's called the wallet more

and it allows you to actually link your debit card to this implant and allows you to use your hand on the tap to pay systems like apple pay or android wallet um to turn them off you do need you know allow me to back up like i said these are all passive tags once they're written they just sit there they get all power from the readers there's no internal power so there is no way to really turn it off outside of using faraday cloth or some type of blocking shield to that point like i said at the end of my my session there i actually went out and bought faraday blocking fabric and actually paid a seamstress to sew it

inside of a pair of gloves so that's the only way that i can be sure somebody else isn't trying to write data to my implants at places like def con or black hat or you know some of the other security conferences that i go to so yeah it's just a matter of once you write it you're utilizing the power from the reader to perform the right action and once that gets taken away it just stays in a passive state until another power device is close enough to actually power the chip and read cool thank you very much so that is all the questions i have for the moment uh so some people might contact you in this

lag or on social networks and stuff like that it was very interesting thank you very much i'm looking forward thank you so much for the opportunity you need to write a book now uh i i would buy it uh you know even like uh uh both like a real type of food like technical but even also like a fictional book i think would be very interesting read it so yeah think about it i will thank you thank you barcelona for the opportunity and uh maybe i'll get to see you guys again sometime on my next tour yeah website thank you thank you so much