With dozens of companies, including biggies like Meta and Elon Musk’s Neuralink, engaged in research around the potential benefits of BCIs, security researchers at the NCC Group have published a whitepaper to examine the technology, outlining challenges it must overcome before they elevate our smart and connected life to the next level. “Despite the potential benefits of BCIs, the reality is that they involve integrating technology with our brains,” argue the researchers in the paper. “[This] technology can be insecure and vulnerable to attack, which may, in turn, put the privacy and integrity of an individuals’ brain activity at risk.”
No Brainer
In their paper titled “Internet of Thinks,” the authors explain that the BCI technology, which is attracting significant amounts of investments, builds on decades of neuroscience research, and leverages developments in machine learning and artificial intelligence (AI). Davide Valeriani, BCI researcher at the University of Essex went as far as to suggest that the combination of humans and technology could be more powerful than AI. However, the race to commercialize BCI is exposing the technology to all kinds of security, and privacy risks, assert the authors. Experts suggest that while the convergence of mind and technology is fascinating, it’s crucial that BCIs are scrutinized with the same rigor as any other emerging technology. In the same vein, proposing a deeper study of the threat models of BCIs, the authors say that compared to a traditional computer, where security incidents could cause data loss or impede the device, the costs of having an implanted BCI hacked are much greater. Communication between the brain and the machine is one of the weak links that Paul Bischoff, privacy advocate and editor of infosec research at Comparitech thinks must be investigated thoroughly. “These devices will need to communicate with other devices for data gathering and critical updates. Manufacturers need to ensure that the devices only communicate with authorized parties and that the communication cannot be intercepted,” Bischoff told Lifewire over email. He adds that the risks increase significantly if the BCI or any of the devices that connect to it communicate wirelessly or are connected to the internet.
Brain Freeze
For Sai Huda, CEO of cybersecurity company CyberCatch, privacy is another major issue that needs to be addressed since the technology involves data collection. “There are several potential abuses of privacy rights inherent with BCI technology. An example would be a company selling BCI data collected to another company for profit without the knowledge or consent of the consumers,” Huda pointed out in an email exchange with Lifewire. To overcome these issues, he suggested some questions that BCI researchers must address. “Is there clear and conspicuous disclosure of what data is collected and how is it used? Who is it shared with? How can the consumer restrict or prohibit collection, use, or sharing?” Owing to the nature of the technology, it is quite reasonable to assume that BCIs will be on the target of threat actors, believes Huda. “A nightmare scenario is a threat actor exploiting a security hole, breaking in, stealing extremely sensitive data about consumers brain functions and responses and while also planting malware in the system to enable manipulating the BCI technology to cause harm. Then demanding a massive ransom,” Huda illustrated. Bischoff agrees and suggests that without adequate security protections, BCI users could, at the very least, end up with a device that doesn’t function or, in the extreme case, be vulnerable to mind-reading or even mind control. Comparing BCIs to the internet, Huda said there are two aspects of the emerging technology, much like the web. So while it offers unprecedented benefits to both consumers and businesses, it is just as prone to abuse without adequate safeguards. “But by addressing squarely, both the privacy rights and security protection, BCI technology has potential to transform life positively as the Internet,” said Huda.