I might have a chance to create a new implant-aware product

anon3825968 · February 25, 2021, 9:52pm

One of the devices my company sells is a military product that clips onto a rifle’s Picatinny rail and provides - amongst other things - 3 high-power target illuminator lasers and several communication options including Bluetooth to talk to other target engagement weapon-mounted accessories. I can’t say much more than that obviously… Unlike most of our products, this one was built entirely on customer-supplied specs,

The lasers are powerful enough that they’re a real hazard to eye safety. So the device requires a special “wartime” control cable and explicit settings in the menu to enable the high-power mode. Kind of annoying, and kind of costly too since we need to supply two control cables (training and wartime) with each device, and the plugs for those cables are $50 apiece.

Earlier this afternoon, I was pouring over the firmware’s code to find an odd bug when I spotted an NFC folder in the repo. I looked inside it, and found what looked like a fully-functional ISO14443 stack in there. In the main code, I also found a disabled section of code with a comment that says “for future use” or something like that. Interesting.

I quizzed my boss, and he told me the customer wanted an NFC communication option when they released the specs a few years ago, but hasn’t really found a use for it since, since no other weapon-mounted accessory exists that has NFC yet. Classic case of over-design. Also, enabling it shortens the battery life considerably. Still, it has an antenna and a NFC chip built in.

I exposed a few NFC library calls in the main comm API, connected a serial cable, and sure enough, it spewed out UIDs when I brought a few cards next to the coil. And… it reads my flexM1 and my IAR M1k - albeit with some difficulty with the glassie

So that gave me an idea: why not turn on NFC when the user goes into the settings to enable the high-power lasers, and enable them if a suitable tag is presented, as a additional option to the wartime control cable? In other words, soldiers with implants would not have to be issued the wartime cable. Genius!

My boss liked the idea and said he would pass it along to the customer in the next engineering change proposal. Who knows, if the concept interests them enough, yours truly might be implementing an implant-related functionality in that particular product soon - and I might get to spend time at the range to qualify the new feature too, since I’m the only one in the company with implants and shooting skills. Shooting time is always fun

amal · February 26, 2021, 1:39am

Interesting… I would guess they would want to implement some kind of signature based check… might need smartcard applet for public key cert checking / signatures… simple UID or even symmetric key based system might not be considered secure enough? Though perhaps a key derivation algo could be coded in and you could set up and key individual DESFire chips based on UID + algo = key type thing too… as long as the code wasn’t compromised that could work.

Eriequiet · February 26, 2021, 1:51am

What I’m hearing is, rosco will implement his own personal master code from his implant lol

anon3825968 · February 26, 2021, 4:05am

Well, my original idea was to replace - or rather supplement - the functionality of the wartime cable with a NFC tag to enable high-power. The wartime cable is just the training cable with an inline pulldown resistor. The idea being, when the soldiers are deployed for real, they have other things to worry about than blinding themselves with their target illuminator.

The requirement is simply that the high-power mode be disabled when the line is high. That’s how much safety is needed - i.e., not much. The main issue for the customer, as always with the military, is that it should work immediately without thinking too hard and all the time. If my little proposal is adopted, I imagine they’ll go for simple, quick and reliable. So probably UID-based, or perhaps reading some sector or some NDEF to let an entire platoon enable high-power, because the alternative security-wise isn’t worse: if a device falls into enemy hands, they’ll have the functionality with the wartime cable anyway.

Or they might want to use NFC to disable tne device entirely when an unimplanted user tries to use it (as I said, it does other things that are more “sensitive”). Then there would be a need for secure key-keeping / key sharing somehow, so the enemy can’t use the device at all. I’m not sure what form this would take though.

I know that particular customer has dabbled with RFID embedded in personal weapons as part of their “soldier of the future” program, but ultimately rejected it because of the risk of bricking the weapon if the battery runs down, or it the soldier hurt his hand where the implant is. So I doubt they’d be interested in that. But our device is an accessory that runs on batteries in the first place, and it going dead doesn’t compromise basic fighting abilities. So perhaps they’ll be interested. Why not.

johnnyhorn · February 26, 2021, 4:51am

I love the idea. I am currently in the military and I think I know what you have described and what we use it for. I suspect you are working on a new model. I can tell you from just listening to people’s responses when I tell them I getting an NFC implant once I get home from this deployment that not many people will let their government implant a chip in them to turn on/activate a laser. Please do not get me wrong I am for this application for NFC implants, others on the other hand will most likely not be so receptive.

I understand that you are under a NDA and that specifics cannot be discussed but I figured I would point out some food for thought. If this device is to read and compare a list of UIDs to activate then that will be a lot of storage. I can tell you that at least in the US military every individual will not be issued their own. The unit will have a specific number of these and will hand them out when a mission calls for it (SpecOPs excluded they get everything).

A solution to both problems that I have brought up would be to have the chip sown into the cuff of the uniform. All chips will have the same UID or information that activates the high setting. This will reduce memory size needed and the higher ups wont get much pushback from having people get implanted.

But hey what do I know? I am just and enlisted sailor. I don’t get paid to think.

anon3825968 · February 26, 2021, 6:34am

Yeah… I can’t really discuss the specifics. NDA but also NATO secret. So I’ll leave it at that

NFC implants may not (will not, probably) appeal to very many soldiers. But it may be NFC ring, cuffs like you said, wristband… whatever. Or it may simply be a special card that the armorer uses to configure the devices before fielding them. The clincher is, the NFC hardware is already sitting there doing nothing. Might as well use it, even if the use case is confidential at best: it’s not gonna cost a cent more.

johnnyhorn · February 26, 2021, 8:45am

True, but governments love to waste money. Hopefully they do end up using your idea so it doesn’t go to waste.

anon3825968 · February 26, 2021, 8:54am

That is correct. However, one thing they really, REALLY hate is doing a qualification campaign (which can run in the hundreds of thousands and take weeks or months), field something, then re-qualify and manage a new version of the same device. They hate the cost, but mostly they hate the delays and the logistics involved.

A software upgrade usually isn’t too much trouble, even if it involves a partial re-qualification. A hardware change, however minor, is out of the question though.

anon7067117 · February 26, 2021, 9:18am

Very intriguing from a technical standpoint.
That said, implants and military hardware makes me very apprehensive.