back to article Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts

Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment. And because this particularly bit of kit resides amid sensitive gray matter – to treat conditions like Parkinson's – the potential consequences …

  1. Gordan
    Happy

    Ghost in the Shell

    More or less the premise the movie is based on.

    (Icon because it seems to be the closest to "The Laughing Man" among the options.)

    1. AndrueC Silver badge
      Happy

      Re: Ghost in the Shell

      Also used as a form of attack in the rather good novel ORA:CLE.

      In that case the poor sod has a loud beep played incessantly inside his head.

      1. TechnicalBen Silver badge
        Facepalm

        Re: Ghost in the Shell

        "In that case the poor sod has a loud beep played incessantly inside his head." With IOTs world around the corner, we'd not need it in our heads to be driven crazy by constant beeps!

        (Pic of how I feel when I hear the swearing devices!)

  2. Anonymous Coward
    Anonymous Coward

    Would a tin foil hat protect you from people stealing your thoughts?

    It's 2018 and I can finally ask that question without sounding crazy. How the world has changed.

  3. malle-herbert Silver badge
    Joke

    "Using the brain as a true random number generator"

    Yeah... just show someone some random pictures off the telly...

    Next thing you know you'll need a dolphin to get the information out !

    1. The Oncoming Scorn Silver badge
      Thumb Up

      Re: "Using the brain as a true random number generator"

      The last ever dolphin message was misinterpreted as a surprisingly sophisticated attempt to do a double-backwards-somersault through a hoop whilst whistling the 'Star Spangled Banner', but in fact the message was this: So long and thanks for all the fish.

    2. TechnicalBen Silver badge
      Paris Hilton

      Re: "Using the brain as a true random number generator"

      Are you sure that would work well?

      4...

      4...

      4...

      4...

      4...

    3. Scroticus Canis Silver badge
      Devil

      Re: "Next thing you know you'll need a dolphin to get the information out !"

      I believe the mice also have a solution but you may not like it.

  4. John Smith 19 Gold badge
    Holmes

    "The lesson here,..is that security-through-obscurity is a dangerous design choice."

    Icon says it all.

    No doubt a lesson to be re-discovered ad nausem.

    1. Scroticus Canis Silver badge
      Holmes

      Re: "The lesson here,..is that security-through-obscurity is a dangerous design choice."

      Actually it should be the first step in a multi-layered approach. Always laminate the armour.

  5. Daedalus Silver badge
    Mushroom

    Sorry in advance

    Allow me to be the first to say that this is totally mind-blowing, man.

  6. Thoguht Silver badge

    Security by obscurity?

    ... the boffins propose a novel security architecture ...

    Why? What's wrong with the existing, tried and tested ones?

    1. Jim Mitchell

      Re: Security by obscurity?

      I wouldn't even call it "novel". It using the device's environment to generate entropy for key generation. Just that the environment is wet and electrical.

      1. Killfalcon Bronze badge

        Re: Security by obscurity?

        They do say in the article - existing methods would require adding more Stuff to the implant, which needs to be tiny and low-power. The novelty is, as Jim points out, an unusual RNG.

      2. Jimmy2Cows

        Re: Security by obscurity?

        Just that the environment is wet and electrical.

        Ah, so it's the old "in a mobile device" variant of novel...

  7. Christoph Silver badge

    attacks on brain-computer interfaces have shown "that the P-300 wave can leak sensitive personal information such as passwords, PINs, whether a person is known to the subject, or even reveal emotions and thoughts."

    Will it be the UK or the USA that first makes these compulsory? To protect the children!

    1. Pascal Monett Silver badge
      Devil

      Bah. Why choose ?

      It'll be a joint effort.

      Leading the way and all that.

    2. Hockney
      Big Brother

      Less 'host In the Shell', more 'Psycho-Pass' (https://www.imdb.com/title/tt2379308/), where we all think socially acceptable thoughts for fear of being corrected in a terminal fashion. All under the benevolent gaze of Siri.

  8. SVV Silver badge

    I'll be just fine....

    I've got an Implant 365 from Microsoft, running off the Azure Cloud and they say it's completely reliable!

  9. Chozo

    Just in case anybody has not seen the cyberpunk short film "Sight" where the guy hacks his dates wetware when she discovers he's a game junkie using a dating app.

    https://youtu.be/lK_cdkpazjI

  10. fidodogbreath Silver badge
    Pint

    Denial Of Senses

    potential consequences of successful remote exploitation include voltage changes that could result in sensory denial, disability, and death

    Similar to the existing Denial Of Sense attack, that uses alcohol as the vector.

    1. Anonymous Coward
      Anonymous Coward

      Re: More research

      I need more research, I have not yet hit the specified dose to loose my senses.

    2. Jimmy2Cows

      Re: Denial Of Senses

      Also susceptible to Distributed Denial of Senses a.k.a. pub crawl

  11. katx5h

    Shoot, guess I shouldn't have used that Russian brain surgeon after all!

    1. The Oncoming Scorn Silver badge
      Joke

      Mitchell Gant....

      Microsoft Edge developers must think in Russian to shoot down the other Firefox.

  12. Charles 9 Silver badge

    Question: Given that implantable devices have to work within very tight power restraints (due to size and location) , how do you improve security (which has a necessary power cost) without reducing it's working life, which necessarily needs to be maximized due to the inherent risks of surgery?

    1. TechnicalBen Silver badge

      Cost.

      Often it is not down to possibility, but cost. A low powered, but high capability chip is generally more expensive. Though it does often use more power too... not usually much of a problem as induction etc can be used to power externally.

      1. vtcodger Silver badge

        Re: Cost.

        "Good news! The operation was a success and your tremors should be under control. Just don't get your head wet when you bathe, and don't get any MRIs, and be sure and tell your dentist you have a brain implant. And, Oh yes, here's the battery charger you'll have to wear for at least three hours every day ...

        What could possibly go wrong?

      2. Charles 9 Silver badge

        Re: Cost.

        Please don't get me started on magnetic induction. Because of this (in a pacemaker), a friend of mine can't go through magnetometers at airports, requiring either using the X-ray machine or a physical pat-down.

  13. Anonymous Coward
    Anonymous Coward

    How long..

    until Zuck figures a way to embed a Facebook API into this?

  14. Anonymous Coward
    Anonymous Coward

    Neat solution, this

    "They believe there's an alternative: Using the brain as a true random number generator, a critical element for secure key generation."

    Really neat solution. You can't beat that at randomness !

    1. onefang Silver badge

      Re: Neat solution, this

      '"They believe there's an alternative: Using the brain as a true random number generator, a critical element for secure key generation."

      Really neat solution. You can't beat that at randomness !'

      Until someone finds a side channel attack directed at your brain.

  15. (func (param $db) (result void) drop $db)

    They had help doing so from the device's programmer

    clarification: "device's programmer" is not a human, but a device which communicates with the implant.

  16. Christian Berger Silver badge

    The question is actually rather irrelevant...

    ... we are not yet ready as we currently would still let companies do such implants. Once they become sophisticated enough to do complex things, you can bet that the manufacturers will use them for advertisement and other forms of attention monetarisation... just like they already did with Smartphones.

  17. Alister Silver badge

    wireless brain implants are insecure

    Thank gods I forgot to put mine in, this morning, eh?

  18. Michael Habel Silver badge

    Just the thing to make Big Brother happy

    A mandatory Happyness Chip, that keeps Big Brother alert of how happy you are with him. And, if not will automagicaly schedule a few quick appointments at the reeducation center, if needs be... I'm sure Mr's Junker and, Barnier would happily pass a mandate to make this compulsorily for the entire EU... Sans its Migrant Workers, who are set to inherit Europe anyway.

  19. Cuddles Silver badge

    Improving security

    "the transmissions of the implantable medical device in question are not encrypted or authenticated"

    "how they believe its security can be improved"

    Step 1: Actually have any kind of security at all.

    1. Charles 9 Silver badge

      Re: Improving security

      "Step 1: Actually have any kind of security at all."

      Problem 1: Stingy power budget (this is an implant, after all; longevity is a requirement). How do you secure the device without shortening its lifespan?

      1. Jimmy2Cows
        Coat

        Re: How do you secure the device without shortening its lifespan?

        Small external power pack with an unobtrusive induction coupling should do the trick.

        Rejection of external interference, physical security and robust connections are just implementation details...

        Say a 200lb lithium-ion trailer with some of those industrial shielded multi-pin threaded connectors... completely unobtrusive and no more issues about power budget or flimsy connections.

        Seems like a plan with no drawbacks to me...

        1. Charles 9 Silver badge

          Re: How do you secure the device without shortening its lifespan?

          You've never had to deal with a person wearing a pacemaker, have you? Magnetic induction interfaces mean you can't pass many things in life, like microwaves and magnetometers (metal detectors). Plus, externals complicate things especially when the patient is already infirm and may not be in suitable physical shape.

  20. Callum Winton

    Title is bricken?

    Shouldn't the title be 'unsecure' not 'insecure'?

    I'm pretty sure the implants aren't worrying about what other implants are saying about them ;)

    CW

  21. Tigra 07 Silver badge
    Terminator

    Getting closer

    Human. Please submit to a compulsory brain scan on the following topics. The results will determine if you live, or die as a heretic.

    WE WILL KNOW IF YOU LIE OR CONCEAL YOUR THOUGHTS

    1. TechnicalBen Silver badge
      Joke

      Re: Getting closer

      I think we already know when someone is lying. For example, those who say they like Marmite must be! Or they are Lizard people... there is that possibility.

      1. Tigra 07 Silver badge
        Flame

        Re: Getting closer

        Marmite is great you swine.

        1. TechnicalBen Silver badge

          Re: Getting closer

          Someone cannot take a joke. ;)

          I still say it would be 50/50 on if we were forced to eat the stuff or give it up given the brain implants!

  22. Robert Grant

    Brainwaves for encryption? Haruki Murakami waves from 1985: https://en.wikipedia.org/wiki/Hard-Boiled_Wonderland_and_the_End_of_the_World

  23. Anonymous Coward
    Anonymous Coward

    Not for Parkinsons's

    There is a effective safe treatment for Parkinson's. No electricity needed. I think they are doing "other' things with this equipment.

  24. Scroticus Canis Silver badge
    Unhappy

    I'm beginning to regret my neural-net net now

    Hub? Hub?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019