A boffin at the University of Reading has claimed he is the first man in the world to become infected with a computer virus.
Dr Mark Gasson from the University of Reading contaminated an electronic chip which was then inserted into his hand. Although he admits the test was a proof of principle he warned that his research will now have huge implications for a future where medical devices such as pacemakers and cochlear implants become more sophisticated, and risk being contaminated by other human implants.
The chip, a high-end Radio Frequency Identification (RFID) chip, which is used in shop security tags and planted in pets to help find them if they go missing, was implanted into Dr Gasson’s left hand. He used this to gain entry into the university building, and could also be tracked by staff. However, once the chip became infected it corrupted the main system used to communicate with it.
Dr Gasson said this could have led to the virus being passed on if other devices had been connected to the system: “By infecting my own implant with a computer virus we have demonstrated how advanced these technologies are becoming and also had a glimpse at the problems of tomorrow,” he said.
“Our research shows that implantable technology has developed to the point where implants are capable of communicating, storing and manipulating data. They are essentially mini computers. This means that, like mainstream computers, they can be infected by viruses and the technology will need to keep pace with this so that implants, including medical devices, can be safely used in the future.”
However, the research has gone down badly with industry experts who claim the research is “scaremongering.”
Security experts at Sophos said that while it is possible to put any software code onto an RFID chip, the code would not be read until an RFID reader came into contact with the affected RFID chip. Furthermore, the software connected with the RFID reader itself would need to have a security vulnerability in order to allow the malicious code to be run.
Graham Cluley, senior technology consultant at Sophos, said: “Scientists should be responsible in how they present their research, rather than hyping up threats in order to get headlines.
“Any virus code on the RFID chip would be utterly incapable of running unless a serious security hole existed in the external device reading it. RFID chips normally just have data read from them, rather than ‘executed’, so the chances of a virus infection spreading in this fashion is extremely remote. Frankly, I’ve got more chance of being flattened by a falling grand piano than I have of getting my dog infected by a PC virus next time I take him to the vets.”
The company accused the scientist of carrying out the research in order to gain column inches, claiming that staff at the University of Reading have courted the media on many occasions with tales of how they have implanted RFID chips into their bodies.
“The scientists in Reading seem more interested in implanting chips inside themselves rather than their pet cat – but the fact remains that it makes no difference if an RFID chip is injected under your skin or stitched into the lining of your jacket,” explained Cluley.
“The main progress that appears to have been made from such research is not a contribution to computer security, but a full-proof method of ensuring that university staff don’t forget their office door pass in the morning. Predictions of pacemakers and cochlear implants being hit by virus infections is the very worst kind of scaremongering.”