Hacking Brains: The Security Of Brain-Computer Interfaces by Julia Wilk

hello hi everyone um I'm Julia and I'm a computer science student and I'm currently on my placement here with Airbus as a cyber security research intern and today I would like to talk to you about some interesting things that I have learned about brain computer interfaces and their security so I'll start with a quick explanation of how and why this technology works so the things that you can see here smell taste and experience are caused by neurons in your brain firing in a certain pattern so if we could record that pattern and then replay it in your brain you could potentially experience these things without physically experiencing them and this may eventually allow for for example fully immersed virtual reality and it also works the other way around if we could observe the way that someone's neurons fire we could know what it is that they are experiencing or what they are currently thinking so this is what the brain computer interfaces or bcis do they allow for bi-directional connection between the brain's electrical activity and the computer which allows for both stimulating the brain and recording its activity now for a few quick words about the history of bcis um they started in the 20s with the discovery of the EEG and first recordings of the brain's activity in the 70s EEG was used to allow a person to move an object through a maze on a computer screen using only their faults and in 2002 a blind individual was able to slowly drive around the parking lot using some of his restored Vision after being implanted with a BCI which is the camera that was mounted on his glasses to record the environment and then translated into signals that were sent to his brain and that produced sensations of seeing lights and Shades of Gray in 2005 the first person controlled a robotic Khan using a BCI which you can see on the photo I think was called the brain Gates and based on which area of the brain fired up when the person was thinking about moving their real arm the machine knew how to move the robotic hand and 2021 monkeys could play video games using only their minds and in this case it was the game of punk and they used a wireless BCI [Music] and currently bcis are used to control prosthetic limbs to restore some hearing of a Cochlear implants to estos a vision of a retinal implants or to allow paralyzed people to communicate words using only their brain activity [Music] and it's even possible to record someone's brain activity while they are watching a video and then using only those recorded brain signals you could recreate the video that they've watched using the most closely matching YouTube clips [Music] in terms of Hardware bcis range from non-invasive to highly invasive Solutions with the accuracy usually increasing with invasiveness because the closer you can get to the neurons the more accurate it can be and some of the least invasive are EEG which is an array of electrodes that goes on top of your head but it can only record a broad average of neurons in an area a more accurate one is ecog or electrocorticography and just like EEG it uses surface electrodes but in this case they go under your skull on top of the brain and one of the most invasive ones is a multi-electrode array which instead of surface electrode uses microarray electrodes and those are like tiny little needles that stick inside of your brain so invasiveness is one of the biggest challenges since you don't want to mess around with people's brains and drill big holes in their skulls and I think it's usually preferable to not have to walk around with something big sticking out of your brain so in order for this technology to take off the invasiveness will probably need to decrease [Music] and there are some companies working to address this issue for example on the left you can see neuraling and the surgical robot which could allegedly make implanting bcis as easy as Lasik eye surgery in a few years and the robot was also designed to look non-intimidating on top right you can see neural dust which are tiny Wireless sensors that could be sprinkled in different areas of the brain oh we also have stent roads and it's a BCI that goes in your vein and that it's pushed to the veins in your brain where it unwinds and that avoids having to make holes in the skull even though it still sounds quite invasive and as Sanders was actually implanted in two people successfully who lost the ability to move the arms and using that BCI they could use their faults to communicate with a computer in order to text send emails and online shopping and online banking foreign but another challenge for this technology is security vcis can directly read from someone's brain or stimulate the brain and you can probably imagine some bad scenarios that can occur if their security could be compromised so there are a lot of potential future users or pcis that sound quite sci-fi and futuristic such as fully immersed VR or controlling robotic bodies all direct brain to brain communication but the fast user pcis and in fact their current use is as medical devices and bcis are still in their infancy but there are some widely used medical devices that connect your body to a computer and allow for both reading and stimulation and an example of that are pacemaker implants in the UK there are thousands of these devices implanted every year and they can record the heart and send electrical impulses to it these devices store data about the heart rate of the users and there are some ethical and privacy concerns that come with it for example data from a pacemaker was used to convict amount of insurance frauds after his house burned down and what happened was that the man claimed that during the fire he packed a suitcase with his items broke his bedroom window and threw the suitcase outside and police in the United States accessed his pacemaker data and the cardiologist reviewed his heart rate for signs of exertion during that time and they concluded that his version of events was highly improbable and that was one of the key pieces of evidence used to charge him with frauds so even with BCI technology being in its infancy there is already a lot of data that you can learn about someone just by looking at their brain signals for example with the use of EEG you could partially extract someone's pin number by showing them different combinations and recording their brain signals in response to it by recording brain signals you could tell things like whether someone is religious or not and it can also reveal your mood or whether you're attracted to the person that you're looking at so there's a lot of extremely personal data that could be recorded and stored and once pcis are less invasive and more widely used it could be done continuously throughout the day [Music] another security concern is remote access which is often necessary with medical devices because you usually can't just put the device in and forget about it it might need to receive firmware updates and needs to be able to be turned off in case it malfunctions it might need to send some data to your GP or it might need remote monitoring access to make sure that it's working properly as an example of a BCI receiving receiving a firmware update there is a commercial retinal implant called Argus II which can restore some Vision to its users using a camera mounted on the glasses and the device originally only provided black and white Vision but it received a firmware update which upgraded the vision to seeing colors and increased the resolution [Music] or another example are some pacemakers which use Bluetooth to send data about your heart rates to a smartphone app and the app can send nightly reports to the GP using Wi-Fi so most medical devices including bcis need some way of wireless communication and remote access and with that there are many potential vulnerabilities that will need to be considered [Music] in a paper from 2019 researchers considered security of specifically brain computer interfaces and identified potential attacks the bad news is is that there is a lot of potential attacks but the good news is is that we're already familiar with most of them because they apply to other already existing computer systems for example replay attacks buffer overflow or battery drain attacks and that means that we have already developed the countermeasures to these attacks for example anomaly detection based on machine learning or input validation [Music] another potential attack is an adversarial attack there are devices called BCI spellers which use EEG to record brain activity in people who might have lost the ability to speak and then they use that activity to display words on a screen that the person wants to say using machine learning and a study from 2020 showed thus that these devices are vulnerable to adversarial attacks where an adversary can add small noise to EEG signals which can mislead the device to spell anything that an attacker wants [Applause] so there are a lot of potential vulnerabilities in bcis that will need to be addressed as those devices become more widespread in terms of widely used medical devices such as insulin pumps in 2011 at the conference a hacker shown that he could remotely hack insulin pumps and make them deliver little doses to patients and in 2013 the same hakai was about to reveal how to remotely kill pacemaker patients he claimed that he could send high voltage shock from a 50 feet distance however he died one week before presenting it at the conference so these examples show that medical devices are not immune to attacks by hackers and if a device can access your brain that provides some opportunities for serious damage so what makes it difficult to implement Security in brain computer interfaces and other medical devices one of the reasons is that changes to the software of medical devices might require getting it re-certified by for example the FDA and that's why they don't usually receive regular software updates like smartphones or self-driving cars too another reason is that there is a trade-off between the device being closed off from access and a device being able to be accessed quickly by medical professionals in case of an emergency and one more reason is that adding security measures such as expensive cryptographic operations could mean increasing power consumption which already has to be very limited [Music] so in general I think that bcis are very exciting and promising technology with the potential to improve lives but a lot of care and consideration will need to be taken to address the various security concerns what this makes me think about is security by design for example the internet was not expected to take off the way it did and it was not design of security in mind but with bcis we have the advantage of knowing what types of attacks to expect and what we need to prepare for and we also know that they will be used for medical purposes so we know that there will be a risk of someone getting hurt if they're not secure enough and in terms of the direction of research there is an immediate commercial reward for making bcis more reliable or faster but it might not be as immediately advantageous to make them more secure and when I talk to other people in the cyber security Community most of them have not had very much about brain computer interfaces and my hope is that if there is more cyber Security Professionals interested in bcis then there will be more research in the security of these devices so I hope that you have found this talk interesting and thank you thank you any questions hey a really nice talk really good quite a few things um it's a bit of a dystopian question I think you mentioned um that with one of the implants it blocks the person being able to move their arm is that correct it could it could interact with the brain in such a way that it could uh sort of I don't know change signals or my ultimate question being did you see a future where someone had an implant that would they would actually if they were hacked they would you know be able to overpower the brain bit of free will like even if I didn't want to move my arm if somebody had the right access they could you know trigger the electrical signal synapses to make me go and do something like that um potentially yes I believe that the way they work right now is that you don't use any different part of your brain you just use the same part that you would use thinking about moving your arm only it goes into your prosthetic arm and that arm knows to move that same way so you don't use a different part of your brain and yeah there's quite a lot of potential scary scenarios that could be a script of a Black Mirror episode I'm sure that's it so yeah they sound very futuristic but I think it's something worth considering because the technology is getting their hands yeah thank you thank you foreign so a couple of questions sorry I'm really cheeky first I've just happened just why everybody so what does your Airbus have um what is their interest in this field and secondly um from you personally so is your interest more in the security element of it or obviously is it just because it's besides you're speaking more to that or is yours more broadly about this kind of human computer oh sorry brain computer uh connectivity piece like what's your kind of specific um interest in it be Airbus interesting oh and what I know at least what I'm working on right now at Airbus is not related to brain computer interfaces it's just an interest that they have and they let me come here as a part of an intern development program so I'm not working on it currently um and your next question um yeah my main interest is not specifically the security of them it's one of many things that I think are important but what interests me the most about BC pies I think is just a potential future possibilities I feel that they could really improve human lives there is of course risk of things going wrong um but yeah I think what excites me the most is what could happen and what life could be once those things are available and also secure so yeah does that answer your question thank you thank you very much