The CyberBrain Project - Cybersecurity in Brain-Computer Interfaces

The CyberBrain Project - Cybersecurity in Brain-Computer Interfaces

10 Min.
By the CyberBrain Project team
May 28, 2021

The CyberBrain Project was one of the 6 winning proposals of the 2020 Call for Research Projects organized by Bitbrain. This project aims to identify and exploit BCI cybersecurity issues within an advanced driver assistance scenario, defining three use cases where Bitbrain devices can be applied to this environment. Moreover, CyberBrain will design and implement a framework to detect cyberattacks affecting the BCI lifecycle of Bitbrain products.

Relevance of cybersecurity over Brain-Computer Interfaces (BCIs)

Despite the relevance and possibilities of Brain-Computer Interfaces (BCIs), they generate significant concerns in terms of cybersecurity. The literature has identified some cyber threats or attacks against subjects, aiming to exploit vulnerabilities and to acquire sensitive information through P300 potentials (Martinovic et al., 2012), and obtaining information about users' bank PIN codes or their place of residence.

Moreover, other works have detected the applicability of certain software attacks to BCIs, highlighting the limitations that these systems currently have (López Bernal et al., 2021). Additionally, noise attacks have been recently addressed to mislead BCI spellers, preventing users from communicating messages with their thoughts (Zhang et al., 2020). 

These cybersecurity attacks exploit vulnerabilities that can affect different application scenarios (see cybersecurity in brain-computer interfaces or (López Bernal et al., 2021) for summaries), being one of the most exciting usages of BCIs as assisting technology in driving scenarios.

In this context, CyberBrain identifies three use cases where the BCI can be used as communication interfaces with the navigation module of the vehicle (UC1), to infer the cognitive and motor status of the driver (UC2), or detect the driver’s emotional state (UC3), helping to reduce accidents or adapt the driving experience.

However, the cybersecurity issues of BCIs and their application to the previous use cases open several questions:

  1. Q1: Could BCIs improve drivers' experience and safety by mentally controlling the navigation and multimedia systems of the vehicle, and identifying the drivers' emotional status to adapt the vehicle settings accordingly?
  2. Q2: Could BCIs prevent crashes by monitoring and predicting subjects' motor actions and cognitive status?
  3. Q3: Could attackers extract sensitive information manipulating the stimuli presented by multimedia systems?
  4. Q4: Could attackers disrupt the integrity of the transmitted data to generate particular events in the neural signals artificially
  5. Q5: What characteristics should have a framework able to detect cyberattacks on BCIs?

Improvements proposed by CyberBrain on the previous challenges

To answer the previous questions, the main objective of CyberBrain is to design and deploy a framework able to detect cyberattacks affecting the subject, hardware, and software dimensions of the BCI lifecycle in an advanced driver assistance scenario. To achieve that, this project defines the following sub-objectives and their relationship with the previously presented research questions:

Extend previous work on cybersecurity in BCI (López Bernal et al., 2021) to analyze vulnerabilities and cybersecurity of Bitbrain hardware and software products and propose a list of potential countermeasures (aligned with RQ3, RQ4).

  1. Deploy in a testbed UC1, UC2, and UC3 with Bitbrain products and subjects (aligned with RQ1 and RQ2).
  2. Design and implement a framework able to detect cyberattacks affecting the BCI lifecycle and Bitbrain products, measuring the impact these cyberattacks may have on the products (aligned with RQ5).
  3. Design and implement a set of cyberattacks against the subject, hardware, and software dimensions in UC1, UC2, and UC3 (aligned with RQ3, RQ4, and RQ5)
  4. Validate the framework and measure the impact of the previous cyberattacks over UC1, UC2, and UC3 (aligned with RQ5).

The Current State of CyberBrain

Once presented the description and goals of the CyberBrain project, this post describes the current status of the project, starting with the design and implementation of a framework in charge of managing the lifecycle of the three use cases (UC1-UC3). For that, the framework has been integrated into a driving simulator to emulate a realistic driving environment.

Figure 1 shows the deployed scenario composed of the Bitbrain EEG cap named Bitbrain Versatile EEG 8 and the used simulator.

While the BCI is used to obtain the EEG signal (left monitor), the simulator incorporates the driver experience and distraction mechanisms (right monitor). Furthermore, the processed EEG signal is integrated into the simulator, which is compatible with the steering wheel and pedals, to provide experimentation with realism.

This process maintains a continuous synchronization based on independent processes to obtain a dataset with the EEG signal per channel, elements of distraction originated, and eventualities produced such as collisions with other cars, people, or urban furniture.

Figure 1 Driving Scenario Implemented for Cyberbrain

Figure 1: Driving scenario implemented for CyberBrain.

Moreover, we have studied existing vulnerabilities in BCI devices, whose exploitation has allowed performing various cyberattacks over UC1, as subsequently presented.

Design and implementation of a framework

The framework architecture consists of several independent components to satisfy the functionality required for each phase of the BCI cycle, as depicted in Figure 2:

  • Signal acquisition: This component addresses the acquisition of brain waves monitored by the BCI headset. The data transmission between the BCI headset and the framework is implemented using the LSL protocol. Moreover, this module performs the synchronization of events, such as external stimuli presented to the users, with the EEG signals to allow subsequent stages.
  • Signal processing: This module applies preprocessing techniques to the acquired EEG signals (e.g., notch filter, band-pass filter) to reduce the noise of the signals and facilitate the extraction of relevant information.
  • Functionalities: Set of modules containing the implementation of the requirements and functionality for each particular use case.

Figure 2   Cyberbrain Framework

Figure 2: CyberBrain framework. Modules of the framework already implemented are highlighted in green color, while those in yellow color represent modules under development.

Figure 2 depicts the three use cases considered in the driving assistance scenario.

  1. The first use case (UC1) focuses on using BCIs to establish a mental interaction with the navigation and multimedia systems of the vehicle by using P300 potentials. Users could mentally select common destinies presented in the navigation screen, perform simple actions over the music (e.g., pause, resume or change a song), or use the spelling capabilities of P300 to indicate words that are then transmitted to a web browser. 
  2. The second use case (UC2) lies in the early detection of the drivers' motor reactions and cognitive status to avoid vehicle collisions. The utilization of BCIs can tell in advance if the driver will perform a motor action and notify the user if people or other vehicles are in the trajectory of the intended movement to prevent it. Moreover, the cognitive status analysis (e.g., concentration, stress) is essential to predict how the user will react. 
  3. The third use case (UC3) focuses on identifying the subject's emotional status to select the adequate driving mode. For example, if the driver's emotional state is sadness, the multimedia system could play the music that the user typically listens to bring this mood state to a more positive one. However, to bring to reality these use cases (and some other similar ones), BCI cybersecurity issues applied to the automotive sector must be first detected and adequately addressed.

At the moment, only the functionality for the first use case has been implemented, which aims to detect the presence of P300 potentials within the acquired brain waves.

For that, five classifiers based on machine learning have been implemented for their detection, using cross-validation and stratification during their training.

Functionalities for UC2 and UC3, based on cognitive and emotional state detection, are currently under implementation within the framework.

Breaching subjects’ thoughts privacy

The first category of cyberattacks defined in CyberBrain consists in verifying if malicious visual external stimuli presented in the navigation system can elicit the presence of P300 potentials to obtain or get unauthorized access to sensitive information.

For that, we have evaluated the impact that the duration of the visual stimuli has in the generation of P300, exploring if subliminal stimuli can be performed over the drivers without their knowledge.

To verify the feasibility of this, a series of experiments were conducted in which subjects were shown a set of images.

Figure 3 shows the moment in which one subject wearing a Bitbrain Versatile EEG 8 is exposed to one image (left monitor) and the EEG signal acquired by the Bitbrain Versatile EEG 8 (right monitor) to detect P300 waves. The set of images consisted of target images (known to the user) and non-target images (unknown to the user). 

These experiments differ in the presentation duration of the known stimuli, starting from 500ms in the first experiment and moving down to 10ms in the last one, a time imperceptible to the human eye. Moreover, the duration of non-target images was fixed to 500ms in all experiments.

Figure 3   Subject Exposed to Visual Stimuli Left Monitor in A Cyberbrain Experiment

Figure 3: Subject exposed to visual stimuli (left monitor) in a CyberBrain experiment.

These experiments have been performed over 10 subjects of different ages and sex, whose results for the first four experiments indicated that stimuli perceptible by the eye (i.e., supraliminal) produced a P300 potential in about 50% of the cases. On the other hand, based on subliminal stimuli, the fifth experiment did not produce P300 in any subjects.

These results suggest that, although subliminal stimuli could not impact data confidentiality, supraliminal stimuli could effectively obtain sensitive information from the driver when using the navigation system of the vehicle.

Noise-based cyber-attacks affecting P300 integrity

These cyberattacks consist of manipulating the acquired brain waves used in UC1 to identify P300 events, studying the impact of performing these attacks over the acquisition and processing phases of the framework (Martínez Beltrán et al., 2021).

In particular, the main goal is to artificially introduce variations on the signal to misclassify, or identify as P300, fragments of the signal that do not contain these potentials. These modifications are based on random signals using Additive White Gaussian Noise (AWGN).

Moreover, four attacker profiles have been defined according to their knowledge of the BCI framework and the application scenario.

We subsequently present the results of using the most aggressive profile, a white-box approach in which the attacker knows the communication between the BCI and the framework, and information about the framework. The attacker also has experience with the P300 potential and its physical particularities and can access the classification models to verify their output.

Figure 4 shows a fragment of dynamic noise generation performed by the attacker. The attack is divided into four distinct parts, applying different noise intensities in each part. The objective is to adapt the signal to the generation of P300 potentials, which the trained classifiers will identify.

Figure 4   Noise Based Cyberattack against The Eeg

Figure 4: Noise-based cyberattack against the EEG.

Figure 5 presents the modules of the framework affected by the attack. Concerning the acquisition phase, this work simulated the application of physical noise during data transmission over the wireless medium, more specifically between the scalp and the electrodes of the BCI headset. The attack performed at the end of the processing phase is malware-based, simulating the alteration of the information once it has been obtained and processed by the BCI framework.

Figure 5   Modules of The Framework Affected by Noise Based Cyberattacks Highlighted in Red Color

Figure 5: Modules of the framework affected by noise-based cyberattacks, highlighted in red color.

The results obtained show that an attacker with greater knowledge of the BCI cycle can create more sophisticated attack vectors to generate P300 waves in the EEG signal. Similarly, it is observed that attacks affecting the processing phase (malware-based attacks) have a more significant impact on the generation of P300.


Building secure neurotechnologies and brain-computer interfaces is a must as they have access to sensitive information and applications. It is important the implication of large bodies such as the National Institute of Standards and Technology or other regulatory bodies that help to ground the design and implementation principles of this technology. 

About the Authors

Enrique Tomás Martínez Beltrán - LinkedIn

Enrique Tomás Martínez Beltrán is a M.Sc. Student in New Technologies at the University of Murcia, specialized in networking and telematics. He is currently working on an End of Master Project based on cybersecurity and Brain-Computer Interfaces. His research includes the study of cognitive state in subjects during a simulated driving scenario, generating periods of distraction and detection of patterns in the EEG signal using Machine Learning. He also investigates new techniques for attacking and defending infrastructures. His interests include cybersecurity and new technologies.

Mario Quiles Pérez - LinkedIn

Mario Quiles Pérez received the B.Sc degrees in computer science from the University of Murcia, doing his final degree work on "adversarial attacks in BCI using visual stimuli". He is currently doing his Master in New Technologies at the University of Murcia, where he is doing research on emotion detection using machine learning in driving environments with brain-computer interfaces.

Sergio López Bernal - LinkedIn | Twitter

Sergio López Bernal received the B.Sc. and M.Sc. degrees in computer science from the University of Murcia, and the M.Sc. degree in Architecture and Engineering for the IoT from IMT Atlantique, France. He is currently pursuing the Ph.D. degree with the University of Murcia. His research interests include ICT security on Brain-Computer Interfaces, and network and information security.

Alberto Huertas Celdrán, Ph.D. - LinkedIn

Alberto Huertas Celdrán received the M.Sc. and Ph.D. degrees in computer science from the University of Murcia, Spain. He is currently a senior researcher associated with the Communication Systems Group (CSG) at the University of Zurich UZH. His scientific interests include medical cyber-physical systems (MCPS), brain–computer interfaces (BCI), cybersecurity, data privacy, continuous authentication, semantic technology, context-aware systems, and computer networks.

Prof. Gregorio Martínez Pérez - LinkedIn

Gregorio Martínez Pérez is Full Professor in the Department of Information and Communications Engineering of the University of Murcia, Spain. His scientific activity is mainly devoted to cybersecurity and networking, also working on the design and autonomic monitoring of real-time and critical applications and systems. He is working on different national (14 in the last decade) and European IST research projects (11 in the last decade) related to these topics, being Principal Investigator in most of them. He has published 160+ papers in national and international conference proceedings, magazines and journals.


  • (Martínez Beltrán et al., 2021), Enrique Tomás Martínez Beltrán, Mario Quiles Pérez, Sergio López Bernal, Alberto Huertas Celdrán, and Gregorio Martínez Pérez (2021). Noise-based cyberattacks generating fake P300 waves in brain–computer interfaces. Cluster Computing.
  • (Martinovic et al., 2012),
  • (López Bernal et al., 2021), Sergio López Bernal, Alberto Huertas Celdrán, Gregorio Martínez Pérez, Michael Taynnan Barros, and Sasitharan Balasubramaniam. 2021. Security in Brain-Computer Interfaces: State-of-the-Art, Opportunities, and Future Challenges. ACM Comput. Vol. Surv. 54, no. 1, April 2021.
  • (Zhang et al., 2020),  Xiao Zhang, Dongrui Wu, Lieyun Ding, Hanbin Luo, Chin-Teng Lin, Tzyy-Ping Jung, Ricardo Chavarriaga, Tiny noise, big mistakes: adversarial perturbations induce errors in brain–computer interface spellers, National Science Review, Vol. 8, no. 4, April 2021.

You might also be interested in

Hero EEG
Self-management and wearable dry-EEG headset.
Learn more