The researchers have reported that the development of cutting-edge brain implants which is designed to enhance key memory function is at risk due to the multiple vulnerabilities which could easily allow an attacker to interfere.
One of the threat researchers, Kaspersky Lab and the University of Oxford Functional Neurosurgery Group has explained that the development of implantable pulse generators (IPGs) or the neuro-stimulators is accelerating fast. Devices likes these can target different parts of the brain with electrical impulses to help treat things like Parkinson’s disease, depression and obsessive-compulsive disorder.
However, the software and the hardware which is linked to these devices are at a risk, the vendor warned.
Specifically, it has found one of the major vulnerabilities and multiple misconfigurations in an online management platform which is used by the surgeons, which could easily provide an access to the data on the treatment procedures.
The data transferred between the implant, programming software and the network which was found to be sent unencrypted, which is enabling the interference by malicious third-parties. Kaspersky Lab has also warned that because the doctors may need a quick access to implants in emergencies, they need to be fitted with a software backdoor and easy-to-guess password, further exposing them.
The security vendor has finally documented an insecure behavior by medical staff, such as the usage of default passwords.
Kaspersky Lab is warning that hackers could easily exploit the vulnerabilities to implant, erase or can also steal memories, or even to hold the individuals to ransom by threatening to do so.
“The current vulnerabilities matter because the technology which exists today is the foundation for what will exist in the coming days. Although no attacks targeting the neurostimulators have been observed in the wild, points of weakness exist that will not be hard to exploit.” Explained Dmitry Galov, junior security researcher in the vendor’s Global Research and Analysis Team.
“We need to bring together healthcare professionals, the cybersecurity industry and manufacturers to investigate and mitigate all potential vulnerabilities, both the ones we see today and the ones that will emerge in the coming years.”
“Memory prostheses are only a question of time,” she added. “Collaborating to understand and address emerging risks and vulnerabilities, and doing so while this technology is still relatively new, will pay off in the future.”