Dark Reading is part of the Informa Tech Division of Informa PLC



8/23/2008
02:04 PM
George V. Hulme
Commentary

Radio Implants And GPS To Thwart Kidnappers? Don't Think So

In the face of rising kidnappings in Mexico, a number of more affluent Mexicans are opting to have minute radio transmitters implanted under their skin so they can, presumably, be located by the authorities if they're ever kidnapped. This is a bad idea.

In the news story, "Mexicans get microchipped over kidnapping fears," NewScientist explains that the maker of the device, Xega, implants a grain-sized, crystal-encased transmitter under the skin. Users of the service must also hold a GPS-enabled device equipped with a panic button. Should the wearer find himself or herself in duress, they'd press the panic button and their location would be transmitted to Xega.

People are actually opting to buy this. From the NewScientist story:

Cristina, 28, who did not want to give her last name, was implanted along with seven other members of her family last year as a preventive measure. "It's not like we are wealthy people, but they'll kidnap you for a watch. Everyone is living in fear," she says. The chips cost US$4,000, plus an annual fee of $2,200.

Most people get the chips injected into their arms between the skin and muscle where they cannot be seen.

It's easy to see the motivation to buy the device -- this Reuters story says "official" government statistics peg the number of kidnappings in Mexico last year at 751, but independent researchers estimate those numbers probably exceeded 7,000.

While some technologies can certainly enhance security, this one isn't one of them. It's a clunky design, requiring both the implant and the GPS transmitter, and is too easy for criminals to circumvent. Consider the anti-carjacking technology LoJack -- that technology reduces the risk of carjacking for everyone because would-be carjackers don't know which autos are LoJack-enabled and which aren't, thereby making it a gamble to steal any given car.

All these implants are going to do is guarantee that those kidnapped are instantly handcuffed and strip-searched for the handheld device, and bolster Xega's ability to profit on fear.

Should I ever become kidnapped, the first place I'd likely tell the world is on my Twitter stream, where I also often post security observations throughout the day.
