Thursday, 31 January 2013

Neurohacking: A Brain Caper

As any neuroscientist or psychologist knows, calling the human brain “flawed” would be an understatement. Brains can be distracted easily, reject information they disagree with, and convinced to make rather stupid decisions not in their self-interest. Just Google the term “cognitive bias” for some clear examples. The brain is an impulsive, ad hoc massively parallel system, if we wish to view it as a computer system. 

Like other computers, the brain can be hacked. That is, its vulnerabilities can be exploited for someone else’s motives or curiosity. Eating sweetened foods or watching TV are common “hacks” for the pleasure centers of the brain. However, as neurotechnology advances, they may also be hacked. It is already possible to hack invasive implants (such as pacemakers, cochlear implants, etc.), so hacking a brain implant (especially a wireless one) is not outside the realm of possibility. Personal information could be placed at risk. 

More interestingly, brain-hacking is possible even by non-invasive venues. Even EEG, an older technology, can beused for neural hacking. EEG headsets are becoming commercialized and cheaper (about 200-300 USD). One use for these is brain computer interface (BCI). Brain computer interface (BCI) is a technology which allows an individual’s brain signals to control a computer or prosthetic device. There are applications for medicine (e.g. assisting disabled persons) and for entertainment (e.g. computer and video games). 

Interestingly, a simple EEG-based BCI system was used to unknowingly steal information from participants in a study. The types of information included house locations, bank account and credit card numbers, PINs, and the like. The study had a ~10-40% success rate on its 28 participants. None of them knew they were being hacked. Imagine if hackers disguised such an information-stealing program as a computer game, or embedded such a system with a popular computer game. 

Imagine if the personal data harvested by such an endeavor was encrypted, cached, and stored online for later retrieval. For instance, imagine if any a small amount of cash from compromised bank accounts was converted into an encrypted, online currency (e.g. BitCoin) and then vanishes into the underground economy. Such a process could easily be automated and be implemented at a low cost.
There are possible defenses and countermeasures that could be used. For example, tagging suspicious transactions with online banking could be one. Another could be allowing open access to code to check for any hacks or tweaks of the sort. Some people may have “natural defenses” in the form of forgetfulness and absent-mindedness. Still, the low success rate (<50%) means that in order to be profitable, such a hack would need to target large numbers of people or specifically target wealthy people. Social engineering may also be combined to prevent people from realizing anything is amiss, as well. 

Given that all the technologies for such an endeavor already exist, implementing a prototype system could be a rewarding task. Likewise, imagine if government and private spy agencies began investigating this technology. What could possibly go wrong?

No comments:

Post a Comment