Currently, Almost all connected devices can be hacked, from televisions to smart cars. In general, a cyberattack compromises the victim’s device and controls its operation.
Nevertheless, The most worrying problem for the healthcare sector is cyberattacks on implanted medical devices.
Cybersecurity experts claim that certain connected medical devices implanted in the body or brain of a human being could be hijacked, what they call Brainjacking.
What is brainjacking?
Brainjacking is a type of cyber attack in which a hacker gains unauthorized access to neural implants in a human body. This has been the subject of science fiction debate for decades, but with advances in implant technology it is beginning to be possible.
Brain implants, also known as neural implants, are microchips that connect directly to a human’s brain to establish a brain-computer interface in the brain that has become dysfunctional due to medical problems.
Hack the devices surgically implanted in a human brain could allow an attacker to control the patient’s cognition and functions, which could have previously unknown consequences.
Once hacked, cyber attackers could induce behavioral changes and could also affect motor function impairment, impulse control disturbance, pain induction, emotion or affect modification.
What are the benefits of brain implants?
Elon Musk recently discussed the possibility of a future where man has brain implants for a variety of reasons, from boosting his memory to listening to music.
His computer-chip brain implant known as Neuralink also promises to link the body’s muscles to a machine, with the aim of treating injuries and neurological problems.
And it is that, it is just one example of many that seek to improve our quality of life. The most common type of brain implant is known as a DBS or deep brain stimulation system. It consists of the implantation of electrodes inside the brain connected to cables that pass under the skin and that transmit signals from an implanted stimulator.
This brain stimulation system can send small, precise bursts of electricity to the brain to control epilepsy, Parkinson’s tremors, muscle spasms or chronic pain. It has even been tested for diseases such as depression or Tourette’s syndrome.
How are brain implants hacked?
Brain implant market size forecast to reach $8.29 billion by 2025. This corresponds to an increasing number of people who will use brain implants in the near future.
Extracting relevant information such as the PIN of the credit card or the address from the minds of its victims, are only the tip of the iceberg of what could be done.
The worst side of these hacks could materialize in the alteration, through a smartphone or the Internet, of the stimulation adjustments so that patients with chronic pain experience even more pain than they would without stimulation. Or a Parkinson’s patient might see her ability to move inhibited.
In theory, a hacker could also cause changes in behavior, such as changes in behavior or generate psychological diseases such as gambling, or even influence the patient’s behavior by stimulating parts of the brain associated with learning, indoctrination and even violent radicalization.
And it is that, this very precise control of the brain that is sought to be developed, together with the wireless control of the stimulators, also opens an opportunity for attackers to go beyond the simplest damage such as the control of insulin pumps or cardiac implants such as pacemakers, and enter a field of deeply worrying attacks such as those mentioned.
It should be noted that these hacks would be difficult to carry out, as they would require a high degree of technical proficiency and the ability to track the victim.
What is the solution to this impending problem?
Solutions have been proposed to make implants more resistant to cyberattacks, but manufacturers of these devices find themselves in a difficult position when it comes to trying to implement security features. There is a balance between designing a system with perfect security and a system that is actually useful in the real world.
Basically, implants are very limited by physical size and battery capacity, making many designs infeasible.
And it is that, these devices must be easily accessible to clinicians in an emergency, which means that some form of “back door” control is almost a necessity.
As they are approved for the treatment of more diseases, become cheaper and become more functional, more and more patients will be implanted.
This is a good thing overall, but just as a more complex and interconnected internet has led to greater cybersecurity risks, more advanced and widespread brain implants will present tempting targets for criminals.
Let’s think about what a cyberterrorist could do with access to those neural chips, from, for example, a politician or Elon Musk himself and the blackmail that this could generate by having the ability to alter the way you act and think.. It sounds like science fiction, but it is unlikely that these scenarios will remain in our imagination forever.
The United States Food and Drug Administration (FDA) published draft premarket guidelinesfor the cybersecurity of medical devices.
The draft includes recommendations for manufacturers of these Internet-connected devices on cybersecurity assessment to ensure protection against cyberthreats.
Although the scope of brain implants seems very promising, a single incident of brainjacking can damage your reputation and raise questions about its safety and usefulness. That is why it is important to address this issue before the chips reach the general market.
In addition, cybersecurity measures, including encryption, identity and access management, patching, and upgrading the security of these brain implants, need to be strengthened to minimize brainjacking. Physicians and patients need to be educated to take precautions against these attacks.