Elsevier

World Neurosurgery

Volume 92, August 2016, Pages 454-462
World Neurosurgery

Literature Review
Brainjacking: Implant Security Issues in Invasive Neuromodulation

https://doi.org/10.1016/j.wneu.2016.05.010Get rights and content

The security of medical devices is critical to good patient care, especially when the devices are implanted. In light of recent developments in information security, there is reason to be concerned that medical implants are vulnerable to attack. The ability of attackers to exert malicious control over brain implants (“brainjacking”) has unique challenges that we address in this review, with particular focus on deep brain stimulation implants. To illustrate the potential severity of this risk, we identify several mechanisms through which attackers could manipulate patients if unauthorized access to an implant can be achieved. These include blind attacks in which the attacker requires no patient-specific knowledge and targeted attacks that require patient-specific information. Blind attacks include cessation of stimulation, draining implant batteries, inducing tissue damage, and information theft. Targeted attacks include impairment of motor function, alteration of impulse control, modification of emotions or affect, induction of pain, and modulation of the reward system. We also discuss the limitations inherent in designing implants and the trade-offs that must be made to balance device security with battery life and practicality. We conclude that researchers, clinicians, manufacturers, and regulatory bodies should cooperate to minimize the risk posed by brainjacking.

Introduction

The concept of altering human conscious experience and behavior with unauthorized manipulation of implanted electronic devices dates back to science fiction literature of the 1980s, when authors began to speculate about the advantages and pitfalls offered by hypothetical electronic neural implants.1, 2 Until recently the risk of neurological implants being used against their users was firmly in the realm of fantasy. However, the increasing sophistication of invasive neuromodulation, coupled with developments in information security research and consumer electronics, has resulted in a small but real risk of malicious individuals accessing implantable pulse generators (IPGs). Unauthorized access to IPGs could cause serious harm to the patients in whom the devices are implanted.

This review summarizes the current literature on the plausibility and potential impact of this risk, identifies possible physiologic mechanisms of attack, and highlights trade-offs inherent in IPG design that provide exploitable vulnerabilities. In doing so we aim to increase awareness of neurological implant security and thereby stimulate discussion of defensive measures. Other than a very brief review from 2009,3 this article is the first to address medical implant information security threats in detail from a neurological/neurosurgical perspective.

For the purposes of this review, unauthorized control of an electronic brain implant will be referred to as “brainjacking,” analogous to the hijacking of a vehicle. The term neurosecurity is used to refer to defense mechanisms protecting neurological implants from subversion.3

Section snippets

Plausibility and Risk of Brainjacking

More than 100,000 patients worldwide have received deep brain stimulation (DBS), predominantly for movement disorders.4 This number is only likely to increase in the future as DBS shows promise for treating a wide range of neurological and psychiatric conditions.5, 6 More speculatively, DBS and similar implants have been proposed as a potential tool for enhancing cognition in healthy individuals7, 8, 9 and as a method of correcting “abnormal moral behavior.”10 Factors contributing to the

Methods of Attack

Once attackers have successfully breached security on a device, they have several options for brainjacking their victim. Stimulation parameters including voltage/current, frequency, pulse width, and electrode contact can be altered to change the effect of stimulation.30 These potential attacks are unlikely to be directly lethal, but may cause serious harm and distress. The accompanying list is not exhaustive and, as the variety and complexity of invasive neuromodulation therapies increases, the

Secure Implant Design

Several design constraints exist that necessitate trade-offs between neurosecurity and other desirable features of IPGs. These trade-offs and challenges, along with specific methods of attack and desirable security features for future devices, have been discussed in greater detail elsewhere,27, 28, 29, 77, 78, 79 therefore this section will only consider the factors most relevant to clinical practice—battery life and practicality.

Telemetric adjustment of IPG settings provides substantial

Conclusions

Use of implanted neuromodulation is still a relatively new field, but has already had a great impact on the treatment of several severe neurological disorders. The future of this field is highly promising and, contingent on positive outcomes in clinical trials and gradual reductions in hardware cost, it is probable that these devices will only become more popular. This popularity is also contingent on factors, such as public acceptance and reliability of implanted neurostimulators, both of

Acknowledgments

Thanks to Binith Cheeran, Andrew Dwyer, Amy Gillespie, Hannah Maslen, Piers Nye, Anders Sandberg, Timo Siepmann.

References (95)

  • R.G. Bittar et al.

    Deep brain stimulation for pain relief: a meta-analysis

    J Clin Neurosci

    (2005)
  • S.G.J. Boccard et al.

    Deep brain stimulation for chronic pain

    J Clin Neurosci

    (2015)
  • E.A.C. Pereira et al.

    Neuropathic pain and deep brain stimulation

    Neurotherapeutics

    (2014)
  • D. Raucher-Chéné et al.

    Manic episode with psychotic symptoms in a patient with Parkinson’s disease treated by subthalamic nucleus stimulation: improvement on switching the target

    J Neurol Sci

    (2008)
  • R.J. Park et al.

    Hungry for reward: how can neuroscience inform the development of treatment for anorexia nervosa?

    Behav Res Ther

    (2014)
  • Y. Kim et al.

    Vibration-Based Secure Side Channel for Medical Devices

    (2015)
  • S. Kraemer et al.

    Human and organizational factors in computer and information security: pathways to vulnerabilities

    Comput Secur

    (2009)
  • W. Gibson

    Neuromancer

    (1984)
  • S. Masamune

    Ghost in the Shell

    (1989)
  • T. Denning et al.

    Neurosecurity: security and privacy for neural devices

    Neurosurg Focus

    (2009)
  • H. Shen

    Neuroscience: tuning the brain

    Nature

    (2014)
  • M. Hariz et al.

    Future of brain stimulation: new targets, new indications, new technology

    Mov Disord

    (2013)
  • R. Hu et al.

    Role of deep brain stimulation in modulating memory formation and recall

    Neurosurg Focus

    (2009)
  • N. Lipsman et al.

    The contemporary practice of psychiatric surgery: results from a survey of North American functional neurosurgeons

    Stereotact Funct Neurosurg

    (2011)
  • N. Bostrom et al.

    Cognitive enhancement: methods, ethics, regulatory challenges

    Sci Eng Ethics

    (2009)
  • M. Fumagalli et al.

    Functional and clinical neuroanatomy of morality

    Brain

    (2012)
  • Radcliffe J. Hacking medical devices for fun and insulin: breaking the human SCADA system. Paper presented at: Black...
  • Robertson J. McAfee Hacker Says Medtronic Insulin Pumps Vulnerable to Attack, 2012. Available at:...
  • D. Pauli

    Hacked terminals capable of causing pacemaker deaths

    (2012)
  • D. Halperin et al.

    Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses

    (2008)
  • FDA

    Cybersecurity for medical devices and hospital networks: FDA safety communication

    (2013)
  • FDA

    Collaborative approaches for medical device and healthcare cybersecurity

    (2014)
  • FDA

    Postmarket management of cybersecurity in medical devices: draft guidance for Industry and Food and Drug Administration staff

    (2016)
  • FDA

    Cybersecurity vulnerabilities of hospira symbiq infusion system: FDA safety communication

    (2015)
  • Department of Homeland Security: Industrial control systems cyber emergency response team. Medical devices hard-coded...
  • B. Benedict et al.

    The insulin pump as murder weapon: a case report

    Am J Forensic Med Pathol

    (2004)
  • Gupta S. Dick Cheney’s heart. CBS. Available at: http://www.cbsnews.com/news/dick-cheneys-heart/. Published 2013....
  • A.J. Fenoy et al.

    Risks of common complications in deep brain stimulation surgery: management and avoidance

    J Neurosurg

    (2014)
  • Paulson K. Hackers assault epilepsy patients via computer. Wired. Available at:...
  • Gallagher S. Highway to hack: why we’re just at the beginning of the auto-hacking era. Ars Technica. 2015. Available...
  • I Am the Cavalry. Five Star Automotive Cyber Safety Program. Available at:...
  • C.-S. Park

    Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices

    Biomed Res Int

    (2014)
  • J.L. Hall et al.

    For telehealth to succeed, privacy and security risks must be identified and addressed

    Health Aff (Millwood)

    (2014)
  • D. Shah et al.

    Clinical manifestations of tolerance to deep brain stimulation (P6.075)

    Neurology

    (2014)
  • T. Martin et al.

    Denial-of-service attacks on battery-powered mobile computers

    (2004)
  • P. Burbaud et al.

    Minimal tissue damage after stimulation of the motor thalamus in a case of chorea-acanthocytosis

    Neurology

    (2002)
  • C. Haberler et al.

    No tissue damage by chronic deep brain stimulation in Parkinson’s disease

    Ann Neurol

    (2000)
  • Cited by (76)

    • Ethical considerations in the surgical and neuromodulatory treatment of epilepsy

      2022, Epilepsy and Behavior
      Citation Excerpt :

      Fourth, autonomy may be compromised if a third party manipulates the stimulation parameters in clinic or remotely [111]. Blind or targeted “brainjacking” occurs when hackers exert malicious control over NDs, particularly DBS devices [127,128]. Although the true effect of brainjacking on autonomy depends on the third party and effects of the attack, autonomy is nonetheless compromised [129].

    • Ethical Considerations in the Implantation of Neuromodulatory Devices

      2022, Neuromodulation
      Citation Excerpt :

      Additionally, autonomy of the patient could be called into question if a third party unexpectedly manipulates the stimulation parameters of the ND either in clinic or remotely with more advanced NDs.36 Hackers may seek to exert malicious control over NDs, particularly DBS devices, to manipulate patients through blind or targeted “brainjacking” attacks.43,44 While the implications of brainjacking on autonomy depend on the third party undertaking the attack, the element of autonomy affected, and the role of that element in the overall understanding of the scope and value of patient autonomy.45

    View all citing articles on Scopus

    Conflict of interest statement: The authors would like to thank the Norman Collisson Foundation and NIHR Oxford Biomedical Research Centre for funding this work.

    View full text