Biohacker: The Invisible Threat
Len Noe provides a brief overview of the types of bio-implants on the market & shares case studies on the potential damage malicious biohackers can inflict.
Biohackers exist and walk among us. Most security professionals would not allow users into their environment with offensive security tools. How do you address individuals who have surgically implanted such devices into their bodies?
I have multiple sub-dermal implants, including NFC, HID/Prox, and RFID devices. This allows me to become the attack vector. In this talk, I provide a brief overview of the types of bio-implants on the market and share various case studies on the potential damage malicious biohackers can inflict. I also demonstrate how I am able to quickly compromise loosely connected devices and open a reverse TCP shell to a CnC server through my attack L3pr@cy in under three minutes.
Finally, I show how I steal HID Proximity Card Data and write that back to the implant. This avoids any physical evidence of a breach. This also allows me to gain access to data as well as physical access to secured locations.
As security professionals, we must anticipate the unknown. This includes any individuals who enter our facilities or are simply around us in public. These types of attacks are becoming more common and are unknown to most in the security community. What was once thought to be science fiction is now science fact. By continuing to educate the security community about phishing and social engineering attacks, tightening MDM restrictions, endpoint management, behavioral analytics, least privilege, and privileged access, we can take preventive measures around the threats we can’t see.
Len Noe is a Technical Evangelist, White Hat Hacker, and BioHacker for CyberArk Software. Noe is an international security speaker who has presented in over 32 countries and at multiple major security conferences worldwide. Prior to 2001, Noe was a Black/Grey Hat Hacker and learned most of his skills by practical application.
Noe has spent 20 years working in the areas of web development, system engineering/administration, architecture, and coding; for the past nine years, he has focused on information security from an attacker’s perspective. He also actively participates in the activities of the information security communities in Texas, the Autism Society, and many others.
This session will be recorded and a copy of the video will be posted on this page as well as on our YouTube Channel.