Avoiding brain hacking - Challenges of cybersecurity and privacy in Brain Computer Interfaces

Avoiding brain hacking - Challenges of cybersecurity and privacy in Brain Computer Interfaces

12 Min.
By the Bitbrain team
November 21, 2018

What would happen if a computer hacker could access the neural information of the president of the United States and revealed the nation’s next military objectives? Or what if the hacker discovered the president suffers from a mental illness and disclosed this information to the press? Or even worse… How much would a rival country pay for such information? We are entering the era of neurotechnology and brain-computer interfaces, which is a technology that connects people’s brains directly to mobile phones and computers. But… is this technology really safe against cyber attacks? And what actions should be taken by manufacturers, users, and governments to address this new security scenario?

Approximately 40 years ago, the first scientific prototypes that demonstrated applications of brain-computer interfaces were launched: this technology is capable of reading brain activity and decipher thoughts to carry out man-machine interaction tasks. Tasks that ranged from controlling devices such as a wheelchair up to medical interventions for cognitive rehabilitation. In the last 10 years, some of this scientific research has become available to society, by companies that have developed wearable, comfortable and accessible brain sensing devices that start to be part of our daily lives.

According to large consultancy agencies such as Stratserv Consultancy, the common consumer will massively buy and use brain-computer interfacing devices or machines between  2025 and 2030. Stratserv Consultancy also predicts that touchscreen technology will start to suffer a decrease in popularity with the commercialization of brain-computer interfaces, which will happen at the same time as the widespread adoption of technological solutions for holographic projections, visual devices, voiceless communication, and HMD systems. The possibilities offered by brain-computer interfaces are almost infinite: gaming, domotic control, health, and transportation, among others. This is why a large number of companies have detected this niche and are on board. From large companies such as Nissan with its brain-to-vehicle technology, Facebook with its “mental keyboard”, Microsoft with its new patents, and new startups with millionaire funding such as  Neuralink by Elon Musk and Kernel by Bryan Johnson.  

Brain-computer interfaces are promising technologies with a characteristic that make them unique: access to neural data from people, which is extremely sensitive information due to its health-related aspects as well as its association with the deep, private thoughts of oneself.

From a security point-of-view, brain-computer interfaces present two very important aspects: a) the nature of the information generated, which could be monetized through extortions and sold to companies; this information originates from the neuronal data of people, and therefore is very sensitive information due to its health-related aspects and because it is associated with intimate, private thoughts of a person; and b) direct communication with the body, which involves sending stimuli to the brain such as visual or auditory, or sending signals to the user’s devices. Both together open a new set of attack opportunities that are a threat to current technologies.  

Balusian (IT and cybersecurity consultancy company) and Bitbrain (expert in neurotechnology and BCI) have explored these key cybersecurity aspects associated with this technology, aiming to answer these two questions:

  1. How can this new technology expose our brain activity to third parties, generating new privacy and safety problems?

  2. What solutions should be adopted by manufacturers and governments to protect citizens from these new cyber attack scenarios?

What is a non-invasive brain-computer interface (BCI)?

EEG Diadem

A brain-computer interface or BCI system (sometimes also called brain-machine interface, BMI) enables the real-time translation of brain activity into orders that can be utilized to control devices, with the electroencephalogram (EEG) being the most developed non-invasive measurement technology. Systems based on human EEGs have been utilized to control a computer mouse, write on the computer, send an email, search on the internet or even to control robotic arms and prostheses by SCI or stroke patients, among many other applications.

The peak of mobile technologies, communications, and cloud computing have led to a very fast evolution of BCI technologies, enabling the exploration of new applications that were unthinkable a few years back. For example, there are already commercially available gadget-like equipment oriented to the final consumer (B2C) such as Neurosky, Emotiv and Muse, which are mainly focused on entertainment and wellbeing. There are also devices oriented to companies (B2B) that are very reliable, comfortable, and easy to use, such as those provided by Imec and Bitbrain. In both cases, the penetration of BCI applications into our society is a reality.

The next image shows the general architecture of an EEG-based BCI solution with a computer system view, which helps us identify the risk points of the technology:

Architecture of Bci Solution

Image: Standard architecture of a BCI solution

The key element is the EEG device (1), a technology that is placed on the user head and counts with non-invasive sensors that measure the electrical activity of the brain on the areas where they are placed on. The EEG sensor information is digitalized and sent to a Nearby control device (3) that frequently is a smartphone, tablet or computer application. The device collects, processes and stores brain activity. It can also interact with the user through different means, by sending visual or somatosensorial stimuli (4’) to the user, or sending commands to another device (4) such as a motor prosthesis. Some applications send some data (5) to a remote control device (6) that is usually a cloud server. These servers either carry out storage tasks in a database, massive computation of data, or extensive data computation that use data already stored in the server. Eventually, these servers can send information (7) to the close control device to adapt operation to a specific user.

There are 3 types of applications that follow this architecture, where all BCI are included:

  1. Monitoring: encompasses the complete range of applications related to collecting brain activity in a passive manner, to identify states associated with our cognitive, emotional or sensory-motor activity.

  2. Evaluation/ Diagnosis: processes brain activity to evaluate cognitive or emotional capabilities on the basis of neural patterns. Also, abnormal brain patterns can also be identified such as in the case of depression or epilepsy, among others.

  3. Interaction/Intervention: processes brain activity in real time to interact with devices such as a keyboard on the screen. When this interaction has a rehabilitation purpose, it is usually referred to as an intervention.

The applications of BCI solutions can be very diverse and include medical applications (for the diagnosis of neurological illnesses, treatment of phobias, cognitive rehabilitation in dementia, recovery of mobility with neuroprosthesis in people with mobility impairment), entertainment applications (video games that offer interfaces directly connected with our brain), neuromarketing services, wellness services (such as cognitive training). Other industries, such as the automotive, have also adopted this technology. Nissan and its Brain-To-Vehicle solution is the first real-time brain activity detection and analysis system that is related to driving.

What is cybersecurity?

Cyber security or information security is a field that comprehends different measures and activities with the objective of protecting technological structures and the information that is generated, processed, transmitted and stored in such infrastructures or computer networks. Protection focuses on the different dimensions of security, which are, at least, confidentiality, integrity, and availability. Confidentiality aims at protecting our valuable information (data on users, employees, servers, sale reports, patents) from unauthorized access, by means of encryption techniques and access control, or the use of firewalls. Integrity implies that data is not affected by mistakes or malicious modifications (modifications in payments and monetary transactions, changes in the content of emails, introduction of malicious codes within applications), through the use of signatures, control of versions, antivirus systems and antimalware. Finally, availability refers to the necessity of the information being accessible for authorized parties who require it, through redundancy systems and high availability, protection against external attacks and recovery systems in the case of failure.

Guaranteeing the information security or of the infrastructures implies in setting up different prevention and protection measures or controls, along with detection and incident response to avoid and be protected against safety incidents . There are different security frameworks that help identify the most adequate controls and measures (ISO 27001:2013, NIST Cybersecurity Framework, CIS Critical Security Controls). A common characteristic is that all focus on security risks, where risk is understood as the materialization of a system attack that can exploit the vulnerabilities (or weaknesses) offered by such systems, generating an impact.

Risk Cyberattack Impact Vulnerability

Image: how cybersecurity approaches risks

This article has considered the risks associated with privacy and safety of brain-computer interfaces, which are related to two essential aspects:

  1. Nature of EEG data, which can be monetized through the sale to third parties or used to extort users.

  2. The fact that new communication channels have been created with the human body, where attacks against the user integrity could occur.  

Cybersecurity risk scenarios related to the privacy of brain-computer interfaces

The information that can be generated by technology when monitoring or diagnosing each person is very sensitive and therefore presents a very high potential value.

In monitoring applications, EEG is utilized in a controlled manner to know that emotional or cognitive reactions of people, in marketing or publicity environments. Specific EEG markers, such as alpha asymmetry [Ref], or N100, P200, N200, and P300 [Ref] can provide knowledge on the emotions, preferences and tastes of a person regarding politics, sexual orientation, consumption, etc; or even access cognitive capabilities such as memory, learning, problem solving, among others. In diagnosis applications, from the EEG it is possible to detect abnormal brain behavior such as epilepsy, bleeding, sleep disorders, encephalitis, tumors, migraines, and substance abuse among others.  

Ultimately, we are talking about accessing very private personal information such as true feelings and motivations, or even possible illnesses. In some cases, it could be an information that the user is not even aware of. This information could be processed to obtain, through detection algorithms, the probability of experiencing specific feelings or developing an illness. This private information, if adequately processed, can be monetized in a very profitable manner by third parties without knowledge of the users. The apple watch with ECG is now in the spotlight: there are insurance companies willing to modify premiums depending on the outcome of accessing these data.

Data Brokers or data sellers, are entities that perform data breach to collect people's personal information, create solid consumer profiles and sell everything to third parties without knowledge (or consent) from users. Currently, consumer profiles can even contain customer data including the history of a consumer (credit card, tastes, necessities, needs), information can could help determine what type of sales can be directed to this consumer, identifying the risks of offering a specific product to the consumer, etc. For some third parties, it is an important competitive advantage to know the profiles of users and consumers beforehand. Some examples of this category are insurance companies that want to optimize the calculation of the premiums of clients, human resource companies interested in minimizing the risks associated with the selection of candidates, or even banks that commercialize products such as mortgages.

In recent years, between $38 and $240 have been paid for consumer profiles that include medical histories. How much would be paid for profiles that include the intimate preferences or potential illnesses of a person, on the basis of his brain activity? Due to the precision of the profiles generated, the inequality and asymmetry of information (and therefore of the power) between third party companies and their clients could be taken to unanticipated levels. With the advances of brain-sensing devices and EEG-related technologies, massive data processing, and aggregation of information with other technologies, the neurological knowledge derived from brain monitoring will be increasingly higher, yielding more precise functional cartography of the brain. Therefore it is expected that the value of data will continue to increase.

Still regarding privacy issues, real crude data generated by EEG devices are fundamental to optimize the automatic learning algorithms or machine learning (artificial intelligence) that support brain-computer interfaces. Manufacturers have millions of samples of EEG on their cloud servers, generated by thousands of users each time they wear the headband. These data can be utilized to propel internal research or for commercialization within a very lucrative market, where large technological groups and medical research are highly demanding.

Cybersecurity risk scenarios related to the safety of brain-computer interfaces

Organized crime has transferred an important part of its activity to the digital world. It is currently more lucrative than drug or gun traffic, and it is predicted that offenses against users will continue to increase due to: 1) exponential growth of connected devices, 2) inadequate security/protection of most of these devices, and 3) unawareness of basic safety measures by the users. The irruption of BCI products will be a new incentive for this “business”, which will see neuronal data as a new form of extortion and new interfaces with the user’s body as a new opportunity of causing physical or mental damage in a remote and anonymous manner.

The following image depicts the possible attack vectors on BCI technology:

Architecture of Bci Solution

Image: attack vectors to a standard BCI solution

These attacks can be characterized on the basis of the aforedescribed risk model:

Attacked element

Description of the attack

Vulnerability explored

Impact on the user

1. Headband’s firmware

The attacker accesses the headband momentaneously and introduces malicious content in its firmware through the micro-usb port, or through an informatic program such as an app. This malware can create and send manipulated EEG data.

* Easy access to firmware.

*Lack of encryption of the firmware

* Lack of implementation of validation (digital signature and hash) for the headband or app.

* Impact 1: Theft of data, aimed at extortion or sale to third parties.

* Impact 2: Manipulation of data sent to the close control device, which leads the application to not fulfil its objective, or even worse, leads to economic benefits to the attacker.

2. Communication between EEG and close control device

The attacker establishes communication with both parties, without them knowing that the link has been breached (Man in the Middle, MiTM). The attacker can intercept and alter all transmitted messages.

* BLE transmission is not encrypted and can be intercepted easily.

* Original messages can be re-injected and manipulated.

* The App does not validate the connection device.  

* Impact1

* Impact2

3. Close control device

The attacker identifies user credentials (through social engineering, phishing) and accesses the application with them.

* Lack of awareness of the user on the protection of his/her passwords

* Lack of control mechanisms within the app (double authentication factor)

* Impact1

The attacker creates a BCI app identical to the original, but with malicious additional code. The purpose is to make the original application not work, or send stimuli to the user to cause damage or steal information. The user downloads the app thinking it is original.

* No verification of the legitimacy of the app on the server and/or headband.

* Insufficient control of apps on Apple Store, Google Play, and similar servers.  

* Impact 3: Manipulation of the actions of the app or application so that the final objective is different.

* Impact 4: Physical damage - stimuli/actions that could generate damage on the human body.  

*Impact 5: Stimuli are sent to the user and the non-conscious brain response is analysed to obtain private information (tastes, preferences.     , card pins) ,, recently called BrainSpyware.

4. Comunication between control devices

The attacker intercepts the data synchronization channel.

* Lack of encryption of communications, which allows an attacker to intercept communication and identify the EEG information of the user.

* Impact 1

* Impact 2

* Impact 6: Manipulation of data sent to the remote control device, and therefore the application does not fulfil its purpose of storing or processing data.

5. Remote control device

The attacker can access the equipment/servers of the provider (or providers of the user’s provider) and accesses EEG data of all users.

Inadequate protection of the login validation on the web service of the provider.  

Impact 1. NOTE: the scope is much more global than in previous cases, as if successful, the attacker can access information of all users.

Scenario example 1: a real case of brain-computer interface BCI

The MoreGrasp H2020 EU project is an international research effort that is developing a through-controlled neuroprosthesis (mediated by BCI). The objective is that people that have suffered spinal cord injury can carry out routine movements with their hands, such as grabbing a glass of water or brush their teeth, enhancing their autonomy and quality of life. This technology is actually undergoing clinical trials, led by the Heidelberg University, Germany.

The practical operation of the technology is: the patient thinks, in a natural manner, about the action he wishes to accomplish, and the BCI installed within the wheelchair computer decodes user intent from brain signals. Instructions are provided to the functional electrical stimulation system and electrical currents are sent to the user’s forearm nerves, mobilizing the muscles that control the hand to achieve the necessary grasp. The user received sensory feedback on a smartwatch to compensate for the lack of sensibility. Once the action is accomplished, the computer sends brain data, and data regarding the use of the technology, to the central servers of the Moregrasp system, for storage and posterior statistical purposes.

Regarding the risk scenarios related to privacy, the main scenario is the secondary use of brain data from the user, which can not only identify his tetraplegic condition (due to degeneration of the motor cortex activity [Ref]), but also other information related to mental illnesses. Besides, brain activity is monitored during 8 continuous hours (use of the device), and therefore information associated with emotions and motivations throughout the tasks carried out during day-to-day life (interaction with other people, watching tv, etc.) could also be accessed.

Regarding the security scenarios related to attacks, these can be summarized as follows, on the basis of the aforedescribed risk model:

Attacked element

Impact on the user

1. Attack to the headband’d firmware

* Impact 1: Theft of data, with the purpose of extortion or sale to third parties. In this case, it refers to EEG data or device-associated data.

* Impact 2: Manipulation of data sent to the close control device, and therefore the application does not fulfill its objective. If EEG data is manipulated there will be no causal relationship between what the person thinks and what the prosthesis executes. The person cannot learn how to use the prosthesis.

2. Attack to the communication EEG equipment-close control device

* Impact1

* Impact2

3a. Attack to the close control device (extraction of credentials )

* Impact1

3b. Attack to the close control device (substitution of app of application software)

* Impact  3: Manipulation of the actions carried out by the application to fulfill its purpose. This case is similar to Impact 2, where the prosthesis executes different orders than those requested by the user, leading to incorrect actions.

* Impact 4: Physical damage. Stimuli/actions are sent to generate damage to the human body. The application could send orders to the electrical stimulation system with very high electrical voltages to produce physical damage. Although this would be filtered by the FES medical system in the MoreGrasp case, it could lead to damage to other systems or critical infrastructures.

*Impacto 5:Brain Spyware: visual or auditory stimuli are sent to the user and the non-conscious brain response is analysed to obtain private information (tastes, preferences, PIN numbers). This could occur in the case of MoreGrasp only at the learning step, where visual neuro-feedback is produced to the user for learning purposes. This feedback could be altered with concrete visual stimuli to obtain brain reactions and evoked response (non controllable) to those stimuli, obtaining therefore information on the emotions and motivations to these specific stimuli.

4. Attack to the communication between control devices

* Impact 1

* Impact 2

* Impact 6: Manipulation of data sent to the remote control device, and therefore the application does fulfill its objective of data storage or processing. In this case, data that arrived at the Moregrasp servers would be altered, and for example the entire monitoring carried out by medical doctors (both regarding success or malfunctioning of the application) would not be correct.

5. Attack to the remote control device

* Impact1: Access to Moregrasp servers where data on all users is stored, as well as the processed information. These data could be used with extortion purposes (towards Moregrasp users) or sold to third parties.  

Scenario example 2: mass consumption EEG equipment

EEG mental gadgets for mass consumption are already a reality and start to be available to the general public. Although the applications are still limited and its use is still not widespread, we can already see examples of the insecurity of some systems. This section presents a scenario where an attack has affected the Bluetooth Low Energy (BLE) communication between the EEG equipment and the close control device (a MiTM attach number 2). The objective of the attack is to, firstly, access private information on the user and for extortion purposes (Impact 1), and secondly, modify the information destined to the control device so that it sends hazardous signals to the user (Impact 2).

One machine configured with SW GATTacker (utilized for the control of IOT devices) with two dongle USB Bluetooth was utilized for the attack. The following image shows the purpose of the attack: route the bluetooth communication between the EEG headset and the App through the attacker machine.

Architecture of Bci Pruebamitm English 01 0

Image: Attack scenario to route the traffic between the EEG headset and the App

The following figure shows the steps to carry out the attack:

  • Step 1: the attacker listens to the information generated by the EEG headset and responds by sending acceptance messages to establish a Bluetooth connection.
  • Step 2: the attacker machine uses the same information generated by the EEG headset and sends it to the App, until the App accepts the bluetooth connection.
  • Step 3: once the attacker machine has connected to the EEG headset and the App, it captures the traffic between both devices. The figure shows the identification of the sensors (in black), as well as the information sent by each sensor (in green).

Architecture of Bci Solution

This example demonstrates how the confidentiality of information can be easily compromised, leading to Impact 1 (EEG data theft with extortion purposes to the user). There is also the opportunity of compromising the integrity of the information and lead to Impact 2 (modification of the EEG information with the objective of generating signals to harm the user).

It must be highlighted that these types of attacks are extensible to many existing solutions that utilize the internet of things (IOTs), smartphone apps and cloud web services.

Solutions to the hacking of BCI applications

These risk scenarios present a series of characteristics that further extend current cybersecurity and privacy problems. On one hand, there could be a direct impact on human bodies and on the lives of the users, and on the other hand, neuronal data generated could be used and sold on different markets. With these data, data brokers could create much more precise user profiles for sale, and cybercriminal could use them for extortion purposes.

A holistic proposal is presented next, encompassing the measures that should be considered to avoid cybersecurity incidents, at a moment when neurotechnology solutions and brain-computer interfaces are still under expansion.

Implementation of technological security measures

It is fundamental to line up a set of basic controls that minimize the previously identified risks, which should include, at least:

  • Point 1:  for the EEG equipment:

    • Encryption of firmware and verification of the authenticity through hash or signature.

  • Point 2: for the wireless communication between EEG equipment and close control system:

    • Encryption of the EEG information transmitted via BLE.

    • Validation of the device that wants to connect with the App, for example, through a PIN number or Near Field Communication (NFC).

  • Point 3: for the close control device (smartphone or laptop):

    • Double authentication (fingerprint, PIN, NFC) with the objective of ensuring that the device can only be connected with an EEG device through the BLE protocol. This would prevent malicious people from carrying out attacks similar to the MiTM showed previously.

    • Authenticity control of the Apps from the EEG equipment and/or server.

  • Point 4: for the communication with provider servers:

    • Encryption of the communication, with the objective of ensuring that in the case of interception of communication by a malicious person, there will be no access to EEG data.

  • Point 5: for the remote control devices (servers):

    • Protection of the entire infrastructure of the manufacturer, where EEG data of all users are stored: physical security, operative systems, networks, storage systems, applications, web applications (access forms), etc.

Transversally, other types of privacy solutions could be implemented to protect data such as Blockchain, which enables the monitoring and auditing of data.

The concept of security by design is very important to ensure that all these measures are contemplated since the conception of the product, with participation of neuroscience professionals that complement the vision of the engineers. The security guide of the Internet of Things (IOTs), defined by the Open Web Application Security Project (OWASP) can be a valid starting point. Implementation of these measures is acknowledged as a delicate decision, as it could clash with the functional and usability aspects, besides increasing the cost of solutions.

Effective and timely regulation by governments

Although there are regulations on the protection of data, such as the General Data Protection Regulation (GDPR), these present important limitations nowadays. For example, when acquiring EEG devices from companies with no branches in the European Union, GDPR is not applicable. 

When utilizing this equipment, the user accepts to hand over his intimacy, on the terms described by the privacy policy, where it is indicated that data can be submitted to third parties and become propriety of the manufacturer without any restriction to their use (distribution, commerce, investigation), after “disidentification” (details on this process are not usually available).

Regulating these types of devices is fundamental if we wish to establish the enforceability of implementing minimal technological protections such as those indicated in the previous section, and avoid transfer situations and uncontrolled sale of neuronal information generated by users. To guarantee its effectiveness, this regulation should be internationally applicable to prevent the limitations of existing regulations, such as the GDPR (when the manufacturers are located outside the EU). Also, the regulation should be sufficiently agile to adapt to fast technological changes. In a recent study published in Nature journal, the researchers propose that neuronal information should be treated at a legislation level, at the same level of organ sales such as the 1984 US National Transplant Act. Also, these regulations should always guarantee that with these devices it is maintained the anonymity of the identity of the individual (mental and body integrity), and of the agency (capability of selecting its own actions), which could be altered according to the attacks suffered by the users. Regulation of the cybersecurity sector with the help of cybersecurity companies and institutions such as the Spanish National Cybersecurity Institute is a good start.

Education and awareness of the users

As the commercialization of BCI products (and wearables in general) progresses, it is crucial that users start to become aware of the risks they could be exposed to and of the necessity of adopting good security practices. Some examples to prevent security threats include disabling functions that are not utilized, only place EEG equipment when the service is going to be utilized, adequately manage the passwords for the Apps, and critically reading the privacy policies to be fully aware of the conditions. This type of activity could be the responsibility of independent organisms such as consumer associations, as already occurs with the European Consumer Organization (BEUC) or the spanish consumer organization (OCU).


BCI devices provide a fascinating multitude of benefits on multiple aspects of our lives, but they also convert our brains into a new information system that can be hacked, with impacts much deeper than what we experience with current technologies. Neuronal information can cease to be secret and feed an unregulated data sale business worth millions of euros, becoming a new channel to directly attack users due to the interfaces with the body. The answer to these problems includes the adoption of a holistic set of measures that involve all actors and considers the human dimensions of the impacts, not only the technological aspects.

The focus of cyber threats, cyber risks and thus cybersecurity can be generalized as including the entire spectrum of brain-computer interface technology solutions, such as invasive brain-computer interfaces (sensors are implemented directly into the brain), wearables and IOTs, which will interact with our bodies and lives in different manners and increasing proportions. Multiple improvements will be provided, but new security problems and security solutions will also arise.

Technological Implants in a person's body

Image: examples of invasive medical devices

Cybersecurity should be reinvented continuously to guarantee its effectiveness, encompassing biological, human and social fields that interact with technology, offering concepts that help understand and predict the emerging threats and new problems that might arise. It is important that the experts understand that the current dimensions of security must be broadened (confidentiality, availability, integrity) and adapt the metrics of vulnerability evaluation systems such as CVSS to cover human aspects (physical or mental damage, personal damage, information asymmetry, control). It would also be convenient that associations such as ISACA and  ISC2 included in their ethical codes the protection of the end user, not only of the organization. This will lead to an adequate prediction of technical measures, regulations and awareness content regarding new attacks.  


You might be interested in: