informa
Security Insights

If I Stick A USB Stick Up My Nose, Does That Mean I'm Virus-Infected?

A British scientist has claimed to be the first human to be "infected" by a computer virus.
A British scientist has claimed to be the first human to be "infected" by a computer virus.Dr. Mark Gasson, a senior research fellow working at Reading University's Cybernetic Intelligence Research Group, told the BBC he has infected himself with a computer virus after implanting an RFID chip into his hand.

That's the kind of device normally used to tag pets in case they get lost -- but at Reading University scientists are using them to open security doors, unlock their mobile phones and -- it appears -- spread viruses.

Dr. Gasson breathlessly told BBC technology correspondent Rory Cellan-Jones that in the future pacemakers and other implants could be vulnerable to computer virus infection.

But hang on a minute. What's the real threat here?

First of all, it's irrelevant that Dr. Gasson implanted the RFID chip under his skin. It makes no difference to its ability to infect other devices. He could just as easily have put it in the lining of his jacket or chipped his Siamese cat.

Second, is the RFID chip really infectious? Well, no. Not really.

As I explain on my blog, the infection entirely relies on the external RFID reader containing a security vulnerability that would be exploited when it read the code from the RFID chip.

Aside from the problematic issues involved with how hackers would infect the RFID chips in the first place I think that's a pretty unlikely series of events.

This hasn't prevented the researchers in Reading from getting an enormous amount of coverage, of course -- most of which was completely unquestioning as to whether this was a real threat.

I really would hope for better from our scientists than this kind of scaremongering.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his award-winning other blog on the Sophos website, you can find him on Twitter at @gcluley. Special to Dark Reading.

Recommended Reading: