While it's possible, it doesn't seem likely. The fundamental problem with trying to use these types of devices for security applications is that they don't have enough power to do real computation, so every command to control them is just matched against a fixed string, and everything they output is just some fixed string from the rather small memory (a few also have the capability to write to memory [1]). This makes them totally vulnerable to very simple eavesdropping attacks. In fact so far as security applications go, they are just a fancy way to do plaintext passwords -- but a plaintext password you can't change without surgery, and which you give out to everyone who asks.

A different story would emerge once they can put a cryptographic function on board, but as I understand it they aren't anywhere even close to that with chips this size.

____

1. Those devices could, in principle, be used for some sort of S-Key-like protocol, if you got rid of the wireless aspects, didn't have it implanted in your body, etc.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/134/599#599