Guest author Jason Pittman, Sc.D., is a collegiate faculty member atÌýUMGCÌýwhere heÌýteachesÌýin the School of Cybersecurity and Information Technology.
The potential of Brain-Computer Interfaces (BCIs) is enormous, from helping people with disabilities to improving work and personal performance but so,Ìýtoo,Ìýare the untold cybersecurity risks.
The idea of using our brains to control a computer may seem far-fetched, evenÌýinÌýscience fiction. Yet, brain-computer interfacesÌý(BCIs)Ìýare already commercially available. We can use a BCI to float a ball in mock Jedi fashion,Ìýenable the physically disabled toÌýenter data into a computer,ÌýandÌýacademicallyÌýplumb the mysteries of human-computer interaction. Indeed, companies such as OpenBCI and Emotive offer research-grade equipment.ÌýManufacturersÌýincludingÌýMattel and NeuroSkyÌýsellÌýtoy BCIs.
The good news is these devicesÌýbenefitÌýmillions of peopleÌýtoday. The bad news isÌýthatÌýBCIsÌýprovideÌýthree new frontiers for hackers.
First, a little background about BCI technology. BCI technology is eitherÌýinvasiveÌý´Ç°ùÌýnoninvasive. Invasive BCIsÌýmeasure neural activity from within the brain through some form of implant. While such methods are medically intrusive, the fidelity of recording is high since the sensors connect into neural clusters andÌýcanÌýmeasure single-neuron activity. Noninvasive BCIsÌýgaugeÌýneural activity using sensors placed on the scalp. Signal recording in noninvasive BCIsÌýis broad because sensors can only measure clustered neural activity. Currently, all commercial BCIsÌýare noninvasive except for some medical implementations,Ìýsuch as cochlear implants.
The promise ofÌýBCIsÌýis impressive, but the technology carriesÌýattack opportunitiesÌýfor hackers.ÌýÌýIt isÌýimportant to understand the cybersecurity of BCIsÌýif we are toÌýproactively prevent threats to this newÌýfrontier of innovation. We need to be ahead of theÌýhackersÌýwilling to use it forÌýnefarious outcomes.
Malicious software.ÌýMalicious software—viruses,Ìýworms,ÌýandÌýTrojans—have existed since the dawn of the internet. This software has one purpose: to cause harm and mayhem. Modern malicious software, or malware, leads to more than $20 billion in damages every year. On one hand, the concept of malicious software infecting a wired-up brain is scary. On the other hand, the concept ofÌýransomwareÌýor malicious software that uses encryption toÌýlockÌýthe brain is downright terrifying.
Integrity.ÌýOur data and theirÌýtransmission are the primary driversÌýof modern computing. With BCI, ourÌýthoughtsÌýbecome part of theÌýoperating landscape. As such, BCI data are subject to the same at-rest and in-transit problems as regular data. JustÌýasÌýnormal data can be intentionally corrupted to cause harm to the integrity of the data, hackersÌýwillÌýbe able to corrupt or otherwise alter thoughts-as-data.
Interception.ÌýAn obvious vector for hackers is going to beÌýreading ourÌýthoughtsÌýsince BCI uses our thoughts as input to a computing system. Hackers can already do this with data flowing overÌýa computer network. They can intercept and block or intercept and alter messages. Because a BCI transmits neural activity,Ìýwe shouldÌýexpectÌýthatÌýexisting interception techniquesÌýapply. When this happens, no thought will be private or safe.
We should not let the grimness ofÌýpotential attack vectorsÌýdampenÌýthe great potential of BCI.ÌýWe have conquered harder problems. Moreover, we are in a unique position to understand the threats before hackers start exploiting these vulnerabilities.ÌýBut weÌýneed to begin now, and we need to take these frontiers seriously.
Share This