Software engineer Miana Windall has about 25 implants under her skin, ranging from magnets to RFID tech. While that might make your skin crawl if you’re squeamish, “for the most part, they’re not really noticeable,” she told Engadget. At the DEF CON security conference on Thursday, Windall talked about how she became interested in the implants, and her experience programming them for personal use, like scanning into her former office building.
RFID tech powers scannable technology like subway cards or tap to pay. The relatively simple tech was first patented in the 1970s, and body modification dates back millennia. Despite this, RFID implants still haven’t reached their full potential, and they’re still a gimmick for a lot of people, Windall said. But if you want to go clubbing and not bring a bag, you can buy the right style of lock and implant a sensor that you can’t lose to scan in and out of your home.
Still, they’re not magic. “Chip implants don’t work like Hollywood movies,” founder of biohacking and implant service Dangerous Things Amal Graafstra told Engadget. “They’re not even active or alive or energized when there’s no reader that is within a very close proximity”
That means the scope of use for RFID implants is pretty limited and it’s mostly a foundational tech that you’d have to be able to hack yourself for it to be useful. There are limited out-of-the-box use cases, like the Tesla keycard implant that lets you start your car, but usually a user has to be able to copy certain key configurations onto it themself. “When we sell the transponder, we’re selling a key but not the lock,” Graafstra said. The user has to have some technical savvy to make “the lock.”
It’s helpful to know that before going to a body modification artist or piercer to get one put in, or else you might end up with a chip you can’t use. “Do your research and make sure what you want as possible before you have surgery,” Windall said. Although, Windall herself does have some inactive ones that are harmless to keep under the skin.
Companies are now looking for ways to use RFID implants as security tools, too. There’s an inherent vulnerability associated with RFID tech because it requires access credentials to be open to being stolen. But having those credentials as an implant at least prevents someone from easily stealing your access card or information.
“The chances of someone coming along and being able to scan your credential without you knowing about it, it’s probably not that high,” Windall said. “You can’t have your hand pickpocketed, at least not without a machete.”
Plus as authentication becomes more important to prevent unauthorized account access, these implants could be used to prove your identity. As companies look to replace two-factor authentication with passkeys, putting those credentials under your skin could be possible. Your passkey can be uploaded to a chip implant that can verify your identity, as opposed to a hardware key that could get lost or a text message verification that can be duped, according to Graafstra.
RFID implants don’t require FDA approval because they’re not medical devices. While they appear generally safe and secure, there are risk factors to consider, according to professor in the College of Media at the University of Colorado Boulder Harsha Gangadharbatla, PhD.
“Consumers should be fully aware of the “hidden” costs (privacy, risks, and advertising messages) associated with such tech and not just the cost of getting such implants,” he said in an email to Engadget.