Could your brain be a target for hackers?
Implanted brain stimulation devices are used by scientists to explore how memories are created in the brain. New research shows that vulnerabilities mean they could be be targeted in future to steal personal information, alter or erase memories or cause physical harm.
Sound like science fiction? Researchers from Kaspersky Lab and the University of Oxford Functional Neurosurgery Group have used practical and theoretical analysis to explore the very real vulnerabilities that could exist in implanted devices used for deep brain stimulation.
Known as Implantable Pulse Generators (IPGs) or neurostimulators, these devices send electrical impulses to specific targets in the brain for the treatment of disorders like Parkinson's disease and severe depression.
Researchers found a number of existing and potential risk scenarios, each of which could be exploited by attackers. These include misconfigurations in an online management platform popular with surgical teams, which could allow an attacker to access sensitive data and treatment procedures.
Other risks include insecure or unencrypted data transfer between the implant, the programming software and any associated networks, as well as design constraints intended to ensure patient safety. For example if a medical implant needs to be controlled by doctors in emergency situations, including when a patient is rushed into a hospital far from their home. This precludes use of any password that isn't widely known among clinicians. It means that by default such implants need to be fitted with a software 'backdoor.'
Insecure behavior by medical staff is a problem too, with devices holding patient-critical software found being left with default passwords, used to browse the internet or with additional apps downloaded onto them.
While you may not need to worry about this too much now, within five years, scientists expect to be able to electronically record the brain signals that build memories, and then enhance or even rewrite them before putting them back into the brain. A decade from now, the first commercial memory boosting implants could appear on the market -- and, within 20 years or so, the technology could be advanced enough to allow for extensive control over memories.
It could therefore become possible to undertake the mass manipulation of groups through implanted or erased memories; while 'repurposed' cyberthreats could target new opportunities for cyberespionage or the theft, deletion or 'locking' of memories (for example, in return for a ransom).
"Memory implants are a real and exciting prospect, offering significant healthcare benefits," says Laurie Pycroft, doctoral researcher in the University of Oxford Functional Neurosurgery Group. "The prospect of being able to alter and enhance our memories with electrodes may sound like fiction, but it is based on solid science, the foundations of which already exist today. Memory prostheses are only a question of time. Collaborating to understand and address emerging risks and vulnerabilities, and doing so while this technology is still relatively new, will pay off in the future."
You can find out more about the study on the Kaspersky Securelist blog.