Have you ever wanted to hack Android phones so badly that you underwent a surgical procedure? Probably not. The same can’t be said from some guy named Seth Wahle, who recently implanted an NFC chip in his hand so he can infect your Android phone simply by holding it.
Call him crazy. Call him an evil genius. Call him a super nerd. I’m sure he’s heard it all before. Seth’s story is certainly interesting.
An “Unlicensed Amateur” Injected the NFC Chip with A Syringe
Once Seth decided that he wanted to get an NFC chip implanted in his hands, he began to put the pieces together.
First, he needed an NFC chip that was safe to put inside his body. That’s not something you can order from Best Buy or Amazon.
Seth eventually purchased Schott 8625 Bio-glass capsules embedded with NFC tags from China. These capsules are designed to track livestock: you implant them in farm animals to make sure you know where your cows are at all times.
Surprisingly, the bio-neutral tubes work on humans as well.
The next challenge was finding a doctor who was willing to implant a foreign object in Seth. That proved impossible: the vast majority of doctors won’t perform body modifications on their patients.
Seth turned to an “unlicensed amateur” who injected the chip using a special syringe.
That’s right: Seth just looked up someone on Craigslist (presumably) and had that person inject his hand with an NFC chip.
Seth Can Hack Phones Just By Picking Them Up
As much as we like to laugh at Seth today, it turns out his procedure worked: today, he can pick up an Android phone and the NFC chip in his hand will signal that phone to visit a malicious webpage.
Here’s the bad news: it’s not like Seth can just walk around his city infecting people’s phones at will. After the phone visits the malicious web page, it attempts to download a file. Then, the user has to manually approve that file, which typically involves disabling a security setting from the settings menu.
Once the file is downloaded, it installs an app. That app connects to a remote server, which then allows the attacker to take control of the device.
Fortunately, Seth isn’t an awful man (although he is a strange one). Instead of stealing someone’s information, that app simply takes a picture of the user.
Seth Wahle is planning to demonstrate his journey at the Hack Miami conference later this month.
The only question is: what happens when he wants to change the NFC chip to a different webpage? And why bother injecting the NFC chip into your hand when you can, you know, just hold it in your hand or hide it under a glove or something?