Implanted brain stimulation devices are used by scientists to explore
how memories are created in the brain. New research shows that
vulnerabilities mean they could be be targeted in future to steal
personal information, alter or erase memories or cause physical harm.
Sound like science fiction? Researchers from
Kaspersky Lab and the
University of Oxford Functional Neurosurgery Group
have used practical and theoretical analysis to explore the very real
vulnerabilities that could exist in implanted devices used for deep
brain stimulation.
Known as Implantable Pulse Generators (IPGs) or neurostimulators,
these devices send electrical impulses to specific targets in the brain
for the treatment of disorders like Parkinson's disease and severe
depression.
Researchers found a number of existing and potential risk scenarios,
each of which could be exploited by attackers. These include
misconfigurations in an online management platform popular with surgical
teams, which could allow an attacker to access sensitive data and
treatment procedures.
Other risks include insecure or unencrypted data transfer between the
implant, the programming software and any associated networks, as well
as design constraints intended to ensure patient safety. For example if a
medical implant needs to be controlled by doctors in emergency
situations, including when a patient is rushed into a hospital far from
their home. This precludes use of any password that isn't widely known
among clinicians. It means that by default such implants need to be
fitted with a software 'backdoor.'
Insecure behavior by medical staff is a problem too, with devices
holding patient-critical software found being left with default
passwords, used to browse the internet or with additional apps
downloaded onto them.
While you may not need to worry about this too much now, within five
years, scientists expect to be able to electronically record the brain
signals that build memories, and then enhance or even rewrite them
before putting them back into the brain. A decade from now, the first
commercial memory boosting implants could appear on the market -- and,
within 20 years or so, the technology could be advanced enough to allow
for extensive control over memories.
It could therefore become possible to undertake the mass manipulation
of groups through implanted or erased memories; while 'repurposed'
cyberthreats could target new opportunities for cyberespionage or the
theft, deletion or 'locking' of memories (for example, in return for a
ransom).
"Memory implants are a real and exciting prospect, offering
significant healthcare benefits," says Laurie Pycroft, doctoral
researcher in the University of Oxford Functional Neurosurgery Group.
"The prospect of being able to alter and enhance our memories with
electrodes may sound like fiction, but it is based on solid science, the
foundations of which already exist today. Memory prostheses are only a
question of time. Collaborating to understand and address emerging risks
and vulnerabilities, and doing so while this technology is still
relatively new, will pay off in the future."
You can find out more about the study on the
Kaspersky Securelist blog.
#ref-menu