Brain-computer interfaces may be the future, but will they be secure?


The NCC Group study describes the use cases for BCIs as well as the security risks associated with their use.

Image: iStockphoto/monsitj

While cybersecurity is a touchstone for many businesses and individuals, neural security may be the future of tech privacy. A new study from the NCC group details brain-computer interfaces (BCIs), which could pose a significant threat to personal freedom. BCIs present a number of ethical, legal, and existential questions about how to secure systems that cannot be controlled, such as the human brain.

Transhumanism is a key topic, describing how people will merge their minds with the use of technology to enhance their cognitive and physical abilities. An example of this is seen from Neuralink, which attempted to make breakthroughs by integrating BCIs directly into the brain. While these devices can have their benefits, as with any technology, they can be susceptible to attack, posing a very real threat to those using these BCIs once they become available.

TO SEE: Artificial Intelligence Ethics Policy (TechRepublic Premium)

How do BCIs work?

BCIs fall into three different categories:

  • Non-invasive BCIs
  • Partially invasive BCIs
  • Invasive BCIs

According to the findings of the NCC group, non-invasive BCIs are typically sensors applied to a person’s head or through the use of a helmet or exoskeleton with sensors. These devices usually only read data from a person’s brain and are used in a monitoring function. Since this version of the BCIs is limited in what it can do, it cannot use high frequency signals effectively due to skull resistance. These devices would work like an electroencephalogram (EEG).

Partially invasive versions are implanted inside the human skull, but do not sit directly on a person’s brain. For this reason, these BCIs have a lower risk of creating scar tissue because they exist only in the gray matter of the brain. By using these devices, people have shown the ability to operate electronic devices without using their hands via signals transmitted by the sensor.

An invasive example of BCI described above is Neuralink, and these devices are placed directly under the scalp to transmit signals in and out of the brain. The only major downside to this is the use of invasive surgery and the potential for scar tissue to form around the site, which can lead to potential side effects such as seizures. The Neuralink chip allows information to be transmitted via Bluetooth.

A key part of this BCI technology is how it can be applied to AI and machine learning (ML). Using AI and ML, the technology has been paired with movements based on brain activity to the point where it can then predict future movements based on that same information. Different interfaces can be used for eye tracking, voice recognition, AR/VR, wireless technologies and muscle sensing pads.

The problems of BCIs

The biggest problem with using BCIs is the security threats that can arise from them. While a PC user may lose data or device usage, the costs of hacking an implanted BCI are much higher. If a malicious actor were to gain access to a user’s BCI, it could result in paralysis, severe brain damage, or even potentially death.

While these risks can be serious, in the short term, they warrant immediate investigation into how to mitigate these potential attacks through various measures. According to the report, “much of the impact of adversarial attacks can potentially be mitigated through thoughtful security-by-design in the creation of BCIs.”

Problems begin in the pre-implementation process and flow throughout the process, from ensuring supply chain security to protecting wireless technologies such as Bluetooth themselves. Until these issues can be addressed and regulation can be brought to the fore, BCIs are unlikely to become a household item sooner rather than later, as many industries are just beginning to scratch the surface of this. which the technology is capable of and the potential dangers of its use.

TO SEE: Metaverse Cheat Sheet: Everything You Need to Know (Free PDF) (TechRepublic)

Can these devices really be the future?

While the research and development phase is accelerating on the use of these devices for many reasons, it is important to note that security and safety measures are not yet at an acceptable level. The lack of regulation on security and safety requirements makes the technology extremely vulnerable and risky in the short term. The key to neuro-intimacy will come as BCI devices are developed.

Some of the potential solutions to these issues could be as complicated as maintaining firmware updates to ensure the device has the necessary security updates to simply having a kill switch for the BCI device in case of compromise. Either way, the need for resilience is key, as reliance on this technology will undoubtedly become a real factor in the decades to come.