Researchers are warning that the development of cutting-edge brain implants designed to enhance key memory functions is at risk due to multiple vulnerabilities which could allow attackers to interfere.
In a piece of forward-looking threat research, Kaspersky Lab and the University of Oxford Functional Neurosurgery Group explained that development of implantable pulse generators (IPGs) or neuro-stimulators is accelerating fast. Such devices apparently target parts of the brain with electrical impulses to help treat things like Parkinson's disease, depression and obsessive–compulsive disorder.
However, both software and hardware linked to these devices is at risk, the vendor warned.
Specifically, it found one major vulnerability and several misconfigurations in an online management platform used by surgeons, which could provide hackers with access to data on treatment procedures.
Data transferred between implant, programming software and networks was found to be sent unencrypted, enabling interference by malicious third-parties. Kaspersky Lab also warned that because doctors may need quick access to implants in emergencies, they need to be fitted with a software backdoor and easy-to-guess passwords, further exposing them.
Finally, the security vendor documented insecure behavior by medical staff, such as use of default passwords.
With the first commercial IPGs potentially ready in as little as 10 years’ time, Kaspersky Lab is warning that attackers could exploit vulnerabilities to implant, erase or steal memories, or even to hold individuals to ransom by threatening to do so.
“Current vulnerabilities matter because the technology that exists today is the foundation for what will exist in the future. Although no attacks targeting neuro-stimulators have been observed in the wild, points of weakness exist that will not be hard to exploit,” explained Dmitry Galov, junior security researcher in the vendor’s Global Research and Analysis Team.
“We need to bring together healthcare professionals, the cybersecurity industry and manufacturers to investigate and mitigate all potential vulnerabilities, both the ones we see today and the ones that will emerge in the coming years.”
Laurie Pycroft, a doctoral researcher in the University of Oxford Functional Neurosurgery Group, added that what sounds like science fiction is fast becoming fact.
“Memory prostheses are only a question of time,” she added. “Collaborating to understand and address emerging risks and vulnerabilities, and doing so while this technology is still relatively new, will pay off in the future.”