Format

Send to

Choose Destination
World Neurosurg. 2016 Aug;92:454-462. doi: 10.1016/j.wneu.2016.05.010. Epub 2016 May 13.

Brainjacking: Implant Security Issues in Invasive Neuromodulation.

Author information

1
Oxford Functional Neurosurgery, University of Oxford, John Radcliffe Hospital, Headington, Oxford, United Kingdom. Electronic address: laurie.pycroft@nds.ox.ac.uk.
2
Oxford Functional Neurosurgery, University of Oxford, John Radcliffe Hospital, Headington, Oxford, United Kingdom.
3
Department of Applied Health and Professional Development, Oxford Brookes University, Headington Campus, Oxford, United Kingdom.
4
Department of Physiology, Anatomy, and Genetics, Sherrington Road, Oxford, United Kingdom.

Abstract

The security of medical devices is critical to good patient care, especially when the devices are implanted. In light of recent developments in information security, there is reason to be concerned that medical implants are vulnerable to attack. The ability of attackers to exert malicious control over brain implants ("brainjacking") has unique challenges that we address in this review, with particular focus on deep brain stimulation implants. To illustrate the potential severity of this risk, we identify several mechanisms through which attackers could manipulate patients if unauthorized access to an implant can be achieved. These include blind attacks in which the attacker requires no patient-specific knowledge and targeted attacks that require patient-specific information. Blind attacks include cessation of stimulation, draining implant batteries, inducing tissue damage, and information theft. Targeted attacks include impairment of motor function, alteration of impulse control, modification of emotions or affect, induction of pain, and modulation of the reward system. We also discuss the limitations inherent in designing implants and the trade-offs that must be made to balance device security with battery life and practicality. We conclude that researchers, clinicians, manufacturers, and regulatory bodies should cooperate to minimize the risk posed by brainjacking.

KEYWORDS:

Brainjacking; Cybersecurity; Deep brain stimulation; Hacking; Implantable medical device; Implantable pulse generator; Medical device security; Neurosecurity; Neurosurgery

PMID:
27184896
DOI:
10.1016/j.wneu.2016.05.010
[Indexed for MEDLINE]

Supplemental Content

Full text links

Icon for Elsevier Science
Loading ...
Support Center