Meet the latest threat to Cyber Security, Brainjacking, i.e. hacking the brain of someone with an implanted medical device. In the recent date, Belgium scientists have found out that a wireless brain implant, known as a neurostimulator, that can be hacked using off-the-shelf materials. So, for hackers, they can now make voltage changes that, “could result in sensory denial, disability, and death”, by utilizing remote exploitation.

Now, Deep Brain Stimulation (DBS) is the procedure that is used to implant neurostimulators. Electrical impulses are then sent to the brain. DBS is the thing which has been used to ease the symptoms of Parkinson’s disease, chronic pain, tremors and other medical disorders. It has also been used to treat illnesses such as depression and obsessive-compulsive disorder.

Private medical information could also be compromised due to the lack of encryption and authentication of these implantable devices. The future neurotransmitters that would follow are expected to leverage information extracted from brain waves like P-300, for the purpose of customizing therapy. So, if a hacker is able to capture and evaluate the signal, it would be possible for the victim’s private thoughts to be exposed.

Medical devices in general, including insulin pumps and defibrillators, can be hacked. So, once these devices are connected to the internet, things would definitely take a sinister turn, and this is known as “brainjacking.”

So, several reasons persist why a brainjacking attack might be carried out, listing blackmail, revenge, warfare, political motivations, etc. It could also be used as a bullying tactic. To this, Fast Company reports, “The motive need not even be rational; in 2008 a website for epilepsy sufferers was attacked using flashing images designed to trigger seizures, with the attackers’ apparent motivation being amusement.”

Securing the Medical Devices:

The researchers in Belgium have described their preferred method for securing medical devices in a paper entitled Securing Wireless Neurostimulators. This was in fact presented at the Eighth ACM Conference on Data and Application Security and Privacy last month, stating of reverse engineering of an unnamed implantable medical device and using cheap equipment to receive and transmit messages to and from it. To this, the Register also presented their view. To cut short, if the security on these devices is breached, the hacker would have a direct line into the brain, and thus obtain the ability to wield considerable control over the victim.

Brainjacking-1
Image Credit: Bleeping Computer

U.S. government issues alerts:

The Food and Drug Administration (FDA) has pointed out that all medical devices carry a certain amount of risk. The regulatory agency gave a green to medical devices when there is a reasonable assurance that the benefits to patients outweigh the risks. While admitting that the increased use of wireless technology increases the risks, the FDA also cited the increase in quality of health care these connected devices can bring. So, overall it’s a balancing act in which the risks are never completely eliminated.

The FDA has already started monitoring devices on the market, thus,  encouraging the public to report any cybersecurity issues regarding medical devices at this link. The public is also welcome to view the information the FDA has collected so far in its efforts to help secure this important and often life-transforming technology.