The Basic Tech To Hack Someone’s Brain Exists Today

While we worry cybercriminals may be able to hack the human brain at some point far in the future, turns out the basic tech to do so exists today… Yikes.

This research comes from Kaspersky Lab and the University of Oxford Functional Neurosurgery Group, which shows how scientific research into how memories are created in the brain (for positive purposes such as restoring incomplete memories or enhancing them with implants) could introduce a newfound wave of cyber threats.

Anyone who has ever watched sci-fi knew this was going to be a very real problem, but the next level of panic here comes from the fact that a lot of the tech that will drive this exists right now. 

Combining practical and theoretical analysis to explore current vulnerabilities, it seems that the first target would be implantable pulse generators (IPGs) - used to send electrical impulses to specific areas in the brain for the treatment of such disorders as major depression, obsessive-compulsive disorder, essential tremor and Parkinson’s disease.

The latest generation comes with management software that both the clinicians and patients, installed on standard smartphones or tablets, and connected via standard Bluetooth…you can start to see where this vulnerability is!

This leaves plenty of exploits:

1. Unencrypted data transfer between the implant and device

2. Exposed infrastructure of the online platform

3. Insecure behaviour by medical staff like providing basic passwords and talking publicly about it

4. Design constraints leading to simple backdoors - like the forced overruling of any implant security in the case of a medical emergency (the doctor will need to get on the platform fast)

So that’s the practical analysis, which is already scary enough… The theoretical research comes from looking at technological trends going forward. And this isn’t some simple assumptions like 5G by 2020 like what you saw from my CES 2019 blog, but a look to the future of the cutting edge. 

You see, innovation in this area doesn’t stop at IPGs, it continues through to more advanced neurostimulators - built alongside a deeper understanding of how the human brain forms and stores new memories.

What does that mean? Simply put, scientists expect to be able to electronically record the brain signals that build memories, enhance or rewrite them, then put them back into the brain within five years (holy crap). A decade from now, you can expect the first commercial memory boosting implants and, within 20 years, the tech could be advanced enough to allow for “extensive control over memories.”

Now, just imagine that tech having an exploit. Smartphones and computers have usually only been stores of information that usually isn’t life affecting (even though losing it would suck, not underplaying that at all). But this would be our memories - mass manipulation of groups through erased memories of political events or conflicts, cyber-espionage, theft, deletion or ‘locking’ of memories in exchange for a ransom. 

It’s Black Mirror meets Inception with a generous seasoning of Nineteen Eighty-Four for good measure - a horror hybrid that is bloody terrifying, but not something that should limit the rate of progress.

“Memory implants are a real and exciting prospect, offering significant healthcare benefits. The prospect of being able to alter and enhance our memories with electrodes may sound like fiction, but it is based on solid science the foundations of which already exist today,” Lauri Pycroft, doctoral researcher in the University of Oxford Functional Neurosurgery commented.

"Memory prostheses are only a question of time. Collaborating to understand and address emerging risks and vulnerabilities, and doing so while this technology is still relatively new, will pay off in the future.”

Dmitry Galov, junior security researcher at Kaspersky Lab proposed an idea - “We need to bring together healthcare professionals, the cybersecurity industry and manufacturers to investigate and mitigate all potential vulnerabilities, both the ones we see today and the ones that will emerge in the coming years.”

The message is clear - cybersecurity is an increasingly important issue to people. I’d already call it crucial, but once technology becomes married to the human body in such a way that it connects directly to our brains, then it becomes the primary factor.

Is it a necessity? For the wider consumer, all signs point to “no,” but the technology is already working wonders in the medical space. But if it comes to the wider public (and it’s fair to assume it will in the next two decades), then security is not just a nice-to-have feature anymore.