Cybersecurity

The latest cyber security threat? Brainjacking

Test person Niklas Thiel poses with an electroencephalography (EEG) cap which measures brain activity, at the Technische Universitaet Muenchen (TUM) in Garching near Munich September 9, 2014. The researchers from TUM and the Technische Universitaet Berlin (team Phypa) try to find ways to control an airplane with computer translated brain impulses without the pilot touching the plane's controls. The solution, if achieved, would contribute to greater flight safety and reduce pilots' workload. Picture taken September 9, 2014.

With advances in implant technology brain jacking is now starting to become possible. Image: REUTERS/Michaela Rehle

Laurie Pycroft
PhD candidate, University of Oxford

We live in an interconnected age where wirelessly controlled computing devices make almost every aspect of our lives easier, but they also make us vulnerable to cyber-security attacks. Today, nearly everything can be hacked, from cars to lightbulbs. But perhaps the most concerning threat is the one posed by implanted medical devices. Experts have demonstrated the ease with which security on pacemakers and insulin pumps can be breached, potentially resulting in lethal consequences.

In a recent paper that I and several of my colleagues at Oxford Functional Neurosurgery wrote, we discussed a new frontier of security threat: brain implants. Unauthorised control of brain implants, or “brainjacking”, has been discussed in science fiction for decades but with advances in implant technology it is now starting to become possible.

Global number of cyber security incidents
Image: FT

Deep brain stimulation

The most common type of brain implant is the deep brain stimulation (DBS) system. It consists of implanted electrodes positioned deep inside the brain connected to wires running under the skin, which carry signals from an implanted stimulator. The stimulator consists of a battery, a small processor, and a wireless communication antenna that allows doctors to program it. In essence, it functions much like a cardiac pacemaker, with the main distinction being that it directly interfaces with the brain.

DBS is a fantastic tool for treating a wide range of disorders. It is most widely used to treat Parkinson’s disease, often with dramatic results (see video below), but it is also used to treat dystonia (muscle spasms), essential tremor and severe chronic pain. It is also being trialled for conditions such as depression and Tourette’s syndrome.

Targeting different brain regions with different stimulation parameters gives neurosurgeons increasingly precise control over the human brain, allowing them to alleviate distressing symptoms. However, this precise control of the brain, coupled with the wireless control of stimulators, also opens an opportunity for malicious attackers to go beyond the more straightforward harms that could come with controlling insulin pumps or cardiac implants, into a realm of deeply troubling attacks.

Remote control

Examples of possible attacks include altering stimulation settings so that patients with chronic pain are caused even greater pain than they would experience without stimulation. Or a Parkinson’s patient could have their ability to move inhibited. A sophisticated attacker could potentially even induce behavioural changes such as hypersexuality or pathological gambling, or even exert a limited form of control over the patient’s behaviour by stimulating parts of the brain involved with reward learning in order to reinforce certain actions. Although these hacks would be difficult to achieve as they would require a high level of technological competence and the ability to monitor the victim, a sufficiently determined attacker could manage it.

There are proposed solutions to making implants more resistant to cyber-attacks, but makers of these devices are in a difficult position when trying to implement security features. There’s a trade off between designing a system with perfect security and a system that is actually usable in the real world.

Implants are heavily constrained by physical size and battery capacity, making many designs unfeasible. These devices must be easily accessible to medical staff in an emergency, meaning that some form of “back-door” control is almost a necessity. New and exciting features, such as being able to control implants using a smartphone or over the internet, have to be balanced against the increased risk that such features can provide.

Brain implants are becoming more common. As they get approved for treating more diseases, become cheaper, and get more features, increasing numbers of patients will be implanted with them. This is a good thing overall but, just as a more complex and interconnected internet resulted in greater cyber-security risks, more advanced and widespread brain implants will pose tempting targets to criminals. Consider what a terrorist could do with access to a politician’s mind or how coercive blackmail would be if someone could alter how you act and think. These are scenarios that are unlikely to remain purely in the realm of science fiction for much longer.

It’s important to note that there’s no evidence to suggest that any of these implants has been subjected to such a cyber-attack in the real world, nor that patients with them currently implanted should be afraid. Still, this is an issue that device makers, regulators, scientists, engineers and clinicians all need to consider before they become a reality. The future of neurological implants is bright, but even a single high-profile incident could irreparably damage public confidence in the safety of these devices, so the risk of brainjacking should be taken seriously before it’s too late.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Neuroscience

Share:
The Big Picture
Explore and monitor how Neuroscience is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

How to protect the global supply chain from phishing scams

Blake Darché

November 25, 2024

5 ways to achieve effective cyber resilience

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum