INFOGRAPHIC
INFOGRAPHIC
Kaspersky Lab reveals research on
future threat of memory hacking
K
aspersky Lab has warned that the
cyberattackers of the future may
be able to exploit memory implants
to steal, spy on, alter or control human
memories. And while the most radical
threats are several decades away, the
essential technology already exists in the
form of deep brain stimulation devices.
Scientists are learning how memories are
created in the brain and can be targeted,
restored and enhanced using such
implantable devices.
However, vulnerabilities exist in the
connected software and hardware and
these need to be addressed to be ready for
the threats that lie ahead, according to a
new report by researchers from Kaspersky
Lab and the University of Oxford Functional
Neurosurgery Group.
“
CURRENT
VULNERABILITIES
MATTER BECAUSE
THE TECHNOLOGY
THAT EXISTS
TODAY IS THE
FOUNDATION FOR
WHAT WILL EXIST
IN THE FUTURE.
32
INTELLIGENTCIO
The researchers combined practical and
theoretical analysis to explore the current
vulnerabilities in implanted devices used
for deep brain stimulation. Known as
implantable pulse generators (IPGs) or
neurostimulators, these devices send
electrical impulses to specific targets in
the brain for the treatment of disorders
such as Parkinson’s disease, essential
tremor, major depression and obsessive-
compulsive disorder.
The latest generation of these implants
comes with management software for
both clinicians and patients, installed on
commercial-grade tablets and smartphones.
The connection between them is based on
the standard Bluetooth protocol.
The researchers found a number of existing
and potential risk scenarios, each of which
could be exploited by attackers. These include:
• Exposed connected infrastructure
– the researchers found one serious
vulnerability and several worrying
misconfigurations in an online
management platform popular with
surgical teams that could lead an attacker
to sensitive data and treatment procedures
• Insecure or unencrypted data transfer
between the implant, the programming
software and any associated networks
could enable malicious tampering of
a patient’s or even of whole groups of
implants (and patients) connected to
the same infrastructure. Manipulation
could result in changed settings causing
pain, paralysis or the theft of private and
confidential personal data
• Design constraints as patient safety takes
precedence over security. For example, a
medical implant needs to be controlled
by physicians in emergency situations,
including when a patient is rushed into
a hospital far from their home. This
precludes use of any password that isn’t
widely known among clinicians. Further, it
means that by default, such implants need
to be fitted with a software ‘backdoor’
• Insecure behaviour by medical staff
– programmers with patient-critical
software were found being left with
default passwords, used to browse
the Internet or with additional apps
downloaded onto them
Addressing these vulnerable areas is
key because the researchers estimate
that over the coming decades, more
advanced neurostimulators and a deeper
understanding of how the human brain
forms and stores memories will accelerate
the development and use of such
technology and create new opportunities
for cyberattackers.
www.intelligentcio.com