Vulnerability of brain implants to cyber-security attacks could make “brainjacking”, which has been discussed in science fiction for decades, a reality, say researchers from the University of Oxford.
Writing in The Conversation, an Australia-based non-profit media, Laurie Pycroft discussed brain implants as a new frontier of security threat.
The most common type of brain implant is the deep brain stimulation (DBS) system.
It consists of implanted electrodes positioned deep inside the brain connected to wires running under the skin, which carry signals from an implanted stimulator.
The stimulator consists of a battery, a small processor, and a wireless communication antenna that allows doctors to programme it. In essence, it functions much like a cardiac pacemaker, with the main distinction being that it directly interfaces with the brain, Pycroft explained.
DBS is widely used to treat Parkinson’s disease, often with dramatic results, but it is also used to treat dystonia (muscle spasms), essential tremor and severe chronic pain.
Targeting different brain regions with different stimulation parameters gives neurosurgeons increasingly precise control over the human brain, allowing them to alleviate distressing symptoms.
However, this precise control of the brain, coupled with the wireless control of stimulators, also opens an opportunity for malicious attackers.
“In light of recent developments in information security, there is reason to be concerned that medical implants are vulnerable to attack,” Pycroft and his colleagues wrote in a recent paper published in the journal World Neurosurgery.
Examples of possible attacks include altering stimulation settings so that patients with chronic pain are caused even greater pain than they would experience without stimulation.
Or a Parkinson’s patient could have their ability to move inhibited.
A sophisticated attacker could potentially even induce behavioural changes such as hypersexuality or pathological gambling, or even exert a limited form of control over the patient’s behaviour by stimulating parts of the brain involved with reward learning in order to reinforce certain actions.
Although these hacks would be difficult to achieve as they would require a high level of technological competence and the ability to monitor the victim, a sufficiently determined attacker could manage it, Pycroft said.
“Researchers, clinicians, manufacturers, and regulatory bodies should cooperate to minimize the risk posed by brainjacking,” the researchers wrote in the journal.