- Exclusive
- Technology
- Cybersecurity
Meet Len: The hacker with 10 implants in his body
By David Swan
It sounds like something that could only exist in a science fiction novel, but one look at American hacker Len Noe proves that it’s real.
Noe is one of a growing number of “transhumans” – people who implant microchips into their bodies in a bid to improve their technology capabilities.
Ethical hacker Len Noe often uses social engineering to quickly hack into your device in a matter of seconds through what’s called a URL redirection attack.Credit: Getty Images
A professional ethical hacker, Noe has 10 implants in various parts of his body that he uses for offensive security purposes. They enable him to bypass security protocols, let himself into buildings and hack into people’s smartphones.
Noe is a very human, physical iteration of what has traditionally been a digital threat.
American hacker Len Noe.Credit:
In an interview ahead of a visit for the CISO Melbourne event on July 16 and 17, Noe said that far from being confined to science fiction, transhumans walk among us today, presenting unique and unprecedented security challenges.
“I have 10 different microchips that I use in my body. I can interface into over 300 different physical access badging systems, I can deal with RFID, NFC, I have magnets in my fingers and a credit card in my hand,” Noe said.
“You can’t just call up a doctor and say, ‘Hi, I’d like you to take this thing that I bought off the internet and surgically put it into my body for me’, I would have probably been redirected to the psych unit.
“So, I use what’s known as a body mechanic – the same people who would split your tongue or put a ring through your nose. I work exclusively with one gentleman named Pineapple Tangaroa; he installed the first implant of a Tesla key card into a person.”
The implants are powered using inductive charging – the same technology to wirelessly charge smartphones – and Noe claims they don’t set off airport scanners.
Noe often uses social engineering – he might ask to show you a funny video on your phone for example – to then quickly hack into your device in a matter of seconds through what’s called a URL redirection attack.
Almost all modern smartphones have an NFC chip – the technology that underpins Apple Pay and Google Pay – and Noe can typically use that to commandeer a smartphone in less than 30 seconds. He can also quickly copy your corporate key card.
“The amount of personally identifiable information on your cell phone is at least 100 times what’s in your wallet,” Noe said. “And in the US, we have health and privacy laws, and these implants are considered medical because they’re inside my body, which means the authorities are not even allowed to ask about them.”
Noe said a rough upbringing on the streets of Detroit, where he spent 15 years in various bikie gangs, led to a wake-up call in which he decided he wanted to use his hacking skills for good, not evil. He now works for Israeli cybersecurity provider CyberArk, where he serves as the company’s tech evangelist and commits attacks himself to better understand how hackers think and work.
The hacker’s next project, which he has been working on for the past 18 months, is to surgically implant a small computer into his leg. He also has a book coming out later this year, Human Hacked: My Life and Lessons as the World’s First Augmented Ethical Hacker.
‘Ignorance to the existence of people like me and the capabilities that we have is what will allow me to bypass your security.’
The key message he is trying to deliver is simple. “I want to open the eyes of the rest of the world that there is a subspecies that is here. And we’re not necessarily all dangerous, but some of us are,” he said. “Ignorance to the existence of people like me and the capabilities that we have is what will allow me to bypass your security.
“How do you stop an attack if you don’t know that it exists? In Melbourne, I’m going to be showing five different attacks that will prove the devastation and the capabilities of these type of implants.”
Noe’s other message is that a lot of time and energy has been spent on cyber defences and digital security, but that physical security is often overlooked.
“When you log in now, you have multifactor authentication to help prove who you are. But we still have doors that go into physical locations with a single point of access.
“Physical security, in my opinion, is the larger threat that the transhuman poses, but we need to give our physical locations at least the same scrutiny that we give to our digital.”
The Market Recap newsletter is a wrap of the day’s trading. Get it each weekday afternoon.