The brain is a constantly evolving organ and its functioning raises many questions. For example, scientists are working on discovering how memories are created in the brain so that they can be targeted, restored and enriched with implants, and the necessary technologies already exist in the form of deep brain stimulation devices. Nevertheless, in the future, cyber attacks could exploit memory implants to steal, spy, modify or control human memories, although the most extreme threats are not likely to occur for several decades. So there are vulnerabilities in connected software and hardware that need to be addressed to prepare us for the threats ahead, according to a new study by researchers at Kaspersky Lab and the Functional Neurosurgery Group at Oxford University.
Dn the dystopian television series Black Mirror, A chip implanted in the brain allows users in the near future to record and replay everything they see and hear. In the episode "The entire history of you" of fiction, that ability ultimately proves devastating. Despite this, a recent YouGov revealed that 29% of viewers would be willing to use the technology if it existed.
Our desire for memories is overwhelming. From our most precious personal experiences to the academic knowledge that allows us to pass exams, our lives are enriched and even defined by the memories we have. As a result, the loss or decline of memory, for example as a result of illness or accident, affects our ability to function normally and our overall quality of life.
If the Black Mirror sounds a little too much like science fiction, it's worth noting that we're already in the process of understanding how memories are created in the brain (Source: MIT Technology Review). From experiments were undertaken by DARPA (U.S. Defense Advanced Research Projects Agency) as part of its program to assist military personnel whose head injuries have impaired their ability to form memories.
The necessary hardware and software for this purpose also exists. Neurostimulators, connected implants that can target and stimulate the brain to regain function, are used to treat the symptoms of Parkinson's disease and even depression. In five years, we may be able to electronically record the brain signals that build memories, then improve or even rewrite them before putting them back into the brain.
To function effectively, any memory implant will need to communicate via a wireless network with a handheld device and healthcare professionals. Unlike other implants, such as pacemakers or insulin pumps, neurological implants have more complex functions and are vulnerable to cyber attacks with a wider range of consequences, including the potential influence on a patient's thoughts and behaviours. This therefore raises many moral, ethical and legal questions, but also important cyber security issues. How can we best prepare for the threats and vulnerabilities that may target this rapid evolution in the years and decades to come? The Memory Market project considers that the first and most important step is to understand the current and emerging threat landscape, to become aware of it and to identify the points most at risk. Researchers at the Kaspersky Lab and Oxford University have undertaken a practical and theoretical examination of the threat posed by functional neurosurgery in the context of neurostimulators and their supporting infrastructure. This report is the result of that research.
Brain-stimulation implants, useful in medicine but vulnerable to cyber-attacks
Researchers combined practical and theoretical analysis to explore the current vulnerabilities of implants used for deep brain stimulation. Called Implantable Pulse Generators (IPGs) or neurostimulators, these devices send electrical impulses to specific targets in the brain for the treatment of disorders such as Parkinson's disease, essential tremor, major depression or OCD (obsessive compulsive disorder). The latest generation of these implants is accompanied by management software for both physicians and patients, installed on professional tablets and smartphones. The connection between the different devices is based on the standard Bluetooth protocol.
Researchers have identified a number of existing and potential risk scenarios, each of which could be exploited by attacks :
- Exposure of Connected Infrastructure: Researchers discovered a serious vulnerability and several worrisome misconfigurations in an online management platform that is widely used by surgical teams, vulnerabilities that could lead an intruder to sensitive data and processing procedures.
- The transfer of unsecured or unencrypted data between the implant, programming software and associated networks could allow malicious manipulation of a patient's implants or even entire groups of patients connected to the same infrastructure. This could result in the modification of settings leading to pain, paralysis or the theft of personal, private and confidential data.
- Due to design constraints, patient safety takes precedence over data safety. For example, a medical implant must be able to be controlled by physicians in emergency situations, such as when the patient is hospitalized far from home. This excludes the use of any passwords that are not widely known to medical staff. In addition, it implies that these implants have a "backdoor" by default.
- Unsecured behaviour of medical staff: Critical software often keeps their default passwords, used to access the Internet or downloaded additional applications.
Constantly evolving scientific and medical methods that require cybersecurity support
Addressing these vulnerabilities is critical because researchers believe that in the coming decades, more advanced neurostimulators and a deeper understanding of how memories are formed and stored in the human brain will accelerate the development and use of such technologies and create new opportunities for cyber attacks.
Over the next five years, scientists believe they can electronically record the brain signals that create memories, then enrich or even rewrite them before reimplanting them in the brain. Within a decade, the first commercial implants to stimulate memory could be on the market, and within two decades, the technology could be sufficiently advanced to allow for advanced control of memories.
Among the new threats that will emerge could be the mass manipulation of populations by planting or erasing memories of political events or conflicts, while "redirected" cyberthreats could target new opportunities for cyber-espionage or the theft, deletion or "locking" of memories (e.g. for ransom extortion in exchange for unlocking them).
Illustration of the possible evolution of memory implant technology over the next few decades and the associated cyber threats.
Dmitry Galov, Junior Security Researcher with the GReAT team at Kaspersky Labcomments Current vulnerabilities are to be taken seriously because the technology that exists today is a harbinger of what will come in the future. Although no attacks on neurostimulators have yet been observed, there are weaknesses that will not be difficult to exploit. We need to bring together healthcare professionals, cyber security specialists and manufacturers to study and correct all potential vulnerabilities, whether they are already visible now or will appear in the years to come. »
Especially since, according to Laurie Pycroft, a doctoral researcher in the Functional Neurosurgery Group at the University of Oxford, "Memory implants are a very real and exciting prospect, offering considerable health benefits. While the idea of being able to modify and enrich our memories with electrodes may seem like science fiction, it is based on solid scientific foundations that already exist. It is only a matter of time before memory prostheses are available. Working together to identify and address emerging risks and vulnerabilities, while this technology is still relatively new, will pay off in the future. »
Header photo : Poster of the season 3 of Black Mirror
Anything to add? Say it as a comment.
