Brainjacking

Brainjacking

Target: Medical Devices

Attack Vector: Wireless Signal Interception

Summary: Brainjacking is the term for an internet connected medical device that has been compromised. There are a number of medical devices that are connected to the internet and therefore have the capacity to be compromised, such as pacemakers, defibrillators & intravenous drug delivery systems. Hacking the brain of a patient with a medically implanted stimulation device has now been proven as a potential target for actors. Threat actors could change the voltage delivered to the device, which could easily invoke sensory changes or denial, other disabilities or, in extreme circumstances, death.

The devices use wireless protocol for programming updates and to receive medical data from the patient. This makes the possibility of radio-based attacks a reality. Additionally, the possibility of patient data leakage, such as names and dates of birth from compromised wireless signalling, is a real possibility.

In the current political climate, there could be a variety of reasons why a bad actor may wish to carry out a brainjacking attack. These include political, cyber warfare, extortion, blackmail, revenge or even perverted amusement.

Currently, it is not possible to use this technology to inject inferences into the patient’s brain. Further developments and enhanced software will enable patient’s brainwave behaviours to be analysed to facilitate more precise care delivery. Therefore, if these signals were able to be intercepted and reverse engineered, it has been theorised that future attacks could be used to inject an inference into the patient’s brain.

Risk assessment summary: This threat has been assessed as 3F MODERATE. The possibility of this kind of attack is unlikely, due to extremely limited number of actors who could potentially look to exploit this weakness. In addition, the specialist nature of the equipment and the fact that the target is an extremely small section of the Internet of Things connected devices, also reduces the risk. However, due to current political tensions, if this type of vulnerability could be exploited or developed further, it could potentially have extremely serious consequences. The impact of any such incidents could have a critical threat to life.