Tech could be used by cybercriminals to exploit memory implants to steal, spy on, alter or control human memories already existing in the form of deep brain stimulation devices.
Research from Kaspersky Lab, Russia and the University of Oxford Functional Neurosurgery Group, UK, has demonstrated essential technology that could be used to exploit memory implants from the human brain. Within the next five years, scientists expect to be able to electronically record the brain signals that shape memories and then enhance or even rewrite them before putting them back into the brain. Although this is a massive technological breakthrough, Kaspersky Lab research shows the vulnerability such an advancement poses, especially in the hands of cybercriminals.
The first commercial memory boosting implants could appear on the market, a decade from now, and perhaps within 20 years or so, such technology could be advanced enough to allow for extensive control over memories.
What do we know about implantable devices?
Looking into he future, cybercriminals may have the ability to exploit memory implants to steal, spy on, alter or control human memories. Though most radical threats are a few decades away, the essential technology already exists in the form of deep brain stimulation devices.
Scientists are learning how memories are created in the brain and can be targeted, restored and enhanced using such implantable devices. However, vulnerabilities exist in the connected software and hardware and these need to be addressed if we are to be ready for the threats that lie ahead.
The researchers combined thoroughly examined practical and theoretical aspects to explore the current vulnerabilities in implanted devices used for deep brain stimulation.
Known as implantable pulse generators (IPGs) or neurostimulators, these devices send electrical impulses to specific targets in the brain for the treatment of disorders such as Parkinson’s disease, essential tremor, major depression, and OCD’s.
Installed on commercial-grade tablets and smartphones, the newest generation of these implants comes with management software for both clinicians and patients. The connection between them is based on the standard Bluetooth protocol.
Laurie Pycroft, doctoral researcher in the University of Oxford Functional Neurosurgery Group said: “Memory implants are a real and exciting prospect, offering significant healthcare benefits.”
“The prospect of being able to alter and enhance our memories with electrodes may sound like fiction, but it is based on solid science the foundations of which already exist today.”
Cybercriminals
The researchers found several existing and potential risk scenarios, each of which could be exploited by cybercriminals. Such scenarios include the following:
- Exposed connected infrastructure
- Unprotected or unencrypted data transfer between implants, programming software, and any associated networks
- Design constraints as patient safety takes precedence over security
- Unsecure behaviour by medical staff.
Manipulation of existing technology could have catastrophic consequences, therefore addressing these vulnerable areas is vital. Researchers predict that over the coming decades, more advanced neurostimulators and deeper understanding of how the human brain forms and stores memories will accelerate the development of such technology and create new opportunities for cybercriminals.
Pycroft concludes: “Collaborating to understand and address emerging risks and vulnerabilities and doing so while this technology is still relatively new, will pay off in the future.”
Vital to be one step ahead of cybercriminals
It is important to understand that the technology that exists today is the basis for what could be created for the future, therefore the current vulnerabilities identified matter. Dmitry Galov, junior security researcher, Global Research and Analysis Team, Kaspersky Lab added: “Although no attacks targeting neurostimulators have been observed in the wild, points of weakness exist that will not be hard to exploit.”
“We need to bring together healthcare professionals, the cybersecurity industry and manufacturers to investigate and mitigate all potential vulnerabilities, both the ones we see today and the ones that will emerge in the coming years.”
