In the future, hackers may be able to exploit memory implants to steal, watch, change, or control human memories.
And while there are several decades of the most radical threats, the necessary technology already exists in the form of deep brain stimulation devices. Scientists learn how memories are created in the brain and can be targeted, restored and strengthened using implantable devices.
However, there are vulnerabilities in the linked software and these need to be addressed if we are to be ready for the threats to follow in the next few years, according to a new report by the Operational Neurosurgery Group of the University of Oxford and Kaspersky Lab presented at the annual Kaspersky Conference Next in Barcelona.
The researchers combined practical and theoretical analysis to investigate the current vulnerabilities of implanted devices used for deep brain stimulation. Known as implantable pulse generators (IPG) or neurostimulators, they send electrical pulses to specific parts of the brain to treat disorders such as Parkinson's disease, idiopathic tremor, major depressive disorder, and obsessive compulsive disorder. The latest generation of these implants is accompanied by management software - which is installed on tablets and smartphones - for both clinicians and patients. The connection between them is based on the standard Bluetooth protocol.
The researchers found a series of existing and potential threats, each of which could be exploited by the invaders. These include:
- Exposed connected infrastructures - Researchers have identified a serious vulnerability and many worrying misconceptions in an electronic management platform popular with surgical teams that could lead an intruder to sensitive data and treatment procedures.
- Secure or unencrypted data transfer between the implant, the software and any associated networks could allow malicious intervention in a patient's implant or even interference across whole patient groups with implants connected to the same infrastructure. Handling implants from hackers can lead to changes that cause pain, paralysis or theft of private and confidential personal data.
- Design restrictions as patient health prevails over security. For example, a medical implant must be checked by doctors in emergencies, even when a patient is admitted to a hospital away from his / her place of residence. This excludes the use of any password that is not widely known to clinicians. Further, it means that, by default, such implants must be provided with backdoor software.
- Unsafe behavior of medical staff - Software-critical software programs have been found to remain with default minimum security passwords, and to be used for web browsing or with additional applications installed.
Addressing these vulnerable issues is crucial because researchers believe that in the coming decades the most advanced neurostimulators and the deeper understanding of how the human brain forms and stores memories will accelerate the development and use of such technologies and create new opportunities for cyber attacks.
Within five years, scientists expect to be able to electronically record the brain's signals that create memories and then amplify them or rewrite them before they are repositioned in the brain. In a decade from now, the first memory-boosting implants could appear on the market - and in about 20 years, technology could go far enough to allow for extensive memory testing.
The new threats that arise from it could include massive group manipulation through implanted or deleted memories of political events or conflicts. while "redefined" digital threats could target new opportunities for digital espionage or the theft, erasure or "blocking" of memories (for example, in exchange for ransom).
Commenting on the results of the survey, Dmitry Galov, junior security researcher at Kaspersky Lab's Global Research and Analysis Group, said:
Current vulnerabilities are important because the technology that exists today is the foundation for what will exist in the future. Although no attacks on the natural environment have been reported with a focus on neurostimulants, there are weaknesses that will not be difficult to exploit. We need to bring together healthcare professionals, digital security professionals and manufacturers to investigate and mitigate all potential vulnerabilities, both what we see today and what will emerge in the coming years.
Laurie Pycroft, a PhD researcher in Oxford's Functional Neurosurgery Group, added:
Memory implants are a real and exciting prospect, offering significant benefits to healthcare. The prospect of changing and enhancing our memories with electrodes may sound like fiction, but it is based on a solid science whose foundations already exist today. Memory implants are only a matter of time. Collaborating to understand and address emerging risks and vulnerabilities, while this technology remains relatively new, will pay off in the future.
Here you can find the analytical report «The Memory Market: Preparing for a future where cyber-threats target your past».
Watch the video