by Vicki Xu
figures by Corena Loeb

Suppose someone wants to move their arm. How might they accomplish this task? 

Every action starts with a thought — for instance, “move my arm” — that is essentially an electrical signal in the brain. The brain will send this message to the muscles in the arm, and the muscles in the arm will move.

Now imagine that the connection between the brain and muscles is damaged, as in certain spinal cord injuries. In this case, a task like moving an arm can no longer be accomplished just by a thought.

Enter brain-computer interfaces (BCIs), a technology that can stand in for the central nervous system for certain tasks. Because thoughts are encoded as electrical signals in the brain, a computer algorithm can be trained to decode these signals into an intention to do something. A BCI makes use of this function, translating brain signals into commands to an external device. 

For instance, a BCI might allow a patient with spinal cord injuries to move paralyzed limbs by interpreting signals from the brain and relaying them to the muscles in the arm, bypassing the damaged nerves in the spinal cord to restore some functionality in the patient’s limbs (Figure 1). Or a BCI might allow an amputee to control the direction of their wheelchair.

Figure 1. A BCI workflow: The BCI essentially acts as a bridge between the user’s thoughts and the desired action. Here, the thought is “move my arm” – an effective BCI will allow the arm to move in response.

It may sound like something straight out of science fiction, but BCIs have experienced explosive progress in recent years. Applications abound in areas encompassing medicine, art, and the military; BCIs have been developed to move a robotic arm, control an avatar in a video game, or drive a vehicle. However, BCIs are vulnerable to hacking in ways that may cause the attached devices to malfunction – for instance, a virtual keyboard that begins to type erratically instead of according to the operator’s wishes. Recently, MIT researchers demonstrated that BCIs can be hacked remotely, using no equipment other than a computer connected to a radio wave transmitter.

Why should we care about BCI hacking in the first place, and what is the significance of remote BCI hacking? To understand this, let’s first dive into how a BCI works.

Anatomy of a BCI

Depending on what a person is thinking, their brainwaves will look different – a BCI can record these brainwaves and then interpret the user’s thoughts. BCIs typically consist of two components: a hardware component that records signals from the brain and a software component that processes these signals to control a device, such as a keyboard or robotic arm (Figure 2).

Figure 2. The BCI’s hardware components consist of EEG equipment and any machinery that the BCI user is intended to control. The BCI’s software component consists of the algorithms used to process and analyze EEG data, and convert them into commands.

Part of the hardware in BCIs is dedicated to gathering brainwaves. All BCIs use electrodes, which can be placed either internally or externally, to do so. Internally-placed methods include direct implants into brain areas or electrocorticography, which places electrodes in contact with the surface of the brain. Externally-placed methods include electroencephalography, in which electrodes are attached to the scalp. 

While internal methods are more precise, they are also more invasive. For this reason, most BCIs use electroencephalograms (EEGs) to gather the user’s brainwaves. An EEG measures electrical activity in the brain from neurons, the cells of the brain, signaling to one another. The recorded signals are then sent to a software device that processes the recording into a command for an external device. 

The external device is often equipped with a machine learning model that interprets the desired action encoded by the brain signals. A machine learning model is a computer program that is designed to recognize patterns in data, or make predictions, allowing the external device to operate more effectively.

BCI Security Risks

Any computer can be hacked, and BCIs are no exception. Breaches can have immense implications. For instance, a BCI-controlled vehicle, if hacked, may get into accidents more easily, not start at all, or be manipulated into taking routes that the user does not intend. Furthermore, raw EEG data can be modified by a third party to manipulate the BCI. Research has shown that virtual keyboards controlled with EEG data are susceptible to such attacks, as small changes in the EEG brainwaves are enough to interfere with a virtual keyboard’s spelling and operation. Not only can the external device be affected, but a hacked BCI might also leak sensitive information about the user. 

A recent study found that when presented with certain visual stimuli, a BCI user’s brainwaves could be decoded to reveal sensitive information such as PINs, geographic location, bank information, or recognition of other people. In their experimental setup, participants wore an EEG-based BCI connected to a computer that showed them a stimulus. In one experiment, the scientists showed users a sequence of ten images of unknown people and one image of Barack Obama, with the understanding that their subjects would recognize Obama (Figure 3). They found that the BCI’s software could use the subjects’ EEG to identify individuals familiar to the subject with greater certainty than by random guess. 

Figure 3. The setup for the study assessing the security impact of visual stimuli on individuals wearing BCIs. Participants using an EEG-based BCI were shown a sequence of images of unknown people, and one image of Barack Obama, who was familiar to all participants. Their EEGs were collected and analyzed.

Essentially, this implies that a malicious BCI developer might be able to design videos and images in their application such that they can conclude whether a user recognizes a particular person. Some services, such as Facebook, ask users to identify their friends’ faces as a way to verify their accounts. So this type of BCI software could grant a hacker access to a user’s otherwise secured account.

A new study further extended the aforementioned research to subliminal brain activity. Even if participants were shown stimuli too quickly for them to realize they had seen them, such as an image that flashes for several milliseconds in a video, the BCI software would still be able to identify familiar individuals with greater certainty. Hence, attacks that are consciously undetectable can still effectively gather information.

Finally, an additional new study from MIT targeted the hardware of the BCI itself, and required only equipment that emits radio waves into the EEG system. The radio waves were able to contaminate the signal data that was passed forward to the BCI’s model. This method successfully hacked a research-grade EEG device, an open-source EEG device, and a consumer-grade EEG device. The researchers demonstrated how the technique was able to force any phrase to be typed in a virtual keyboard speller, crash a drone, or cause a neurally-controlled meditation tool to report a false meditative state. The effectiveness of this attack decayed with distance and with obstructions, but still poses a thorny challenge for BCIs that must be used in public.

Looking to the Future

Some consumer-grade BCIs are already available, offered by companies such as Emotiv Systems and Neurosky, for applications ranging from accessibility tools to leisure to training. In Neurosky’s game Puzzlebox Orbit, users can fly a physical toy helicopter with their brain.

Currently, in the medical field, BCIs are being explored in neuroprosthetics – for instance, allowing amputees to move prosthetics with their mind, rather than with a joystick or a controller. For patients with stroke or certain degenerative diseases who may have trouble speaking, BCIs are used to restore communicative capabilities by analyzing the neural firing associated with speech and passing the signals through a voice synthesizer. 

Currently proposed methods to address BCI privacy secure various parts of the application: the data itself, communication between the EEG device and the controller, and the machine learning model. These all come with their unique set of tradeoffs. For instance, for increased privacy, a technique called “differential privacy” sacrifices a level of accuracy in the interpretation of a user’s brainwaves. These methods are applications of state-of-the-art research in cryptographic fields, but as BCIs continue to evolve, and perhaps begin to garner more vulnerabilities, these methods will need to evolve with them.
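The accuracy cost of differential privacy mentioned above can be made concrete with a short added example (not code from the article or from any BCI product). It releases a cohort's average EEG band power through the Laplace mechanism and measures how the error grows as the privacy parameter epsilon shrinks; the band-power values, the clipping range and all function names are constructed assumptions.

```python
import random

# Assumed clipping range for one alpha-band power reading per user (uV^2).
LOWER, UPPER = 0.0, 50.0

def clip(v):
    return min(UPPER, max(LOWER, v))

def make_cohort(n, seed=0):
    """Constructed stand-in for per-user EEG band-power readings."""
    rng = random.Random(seed)
    return [clip(rng.gauss(20.0, 6.0)) for _ in range(n)]

def laplace_noise(scale, rng):
    """Laplace(0, scale) as the difference of two unit exponentials."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def private_mean(values, epsilon, rng):
    """Epsilon-DP mean via the Laplace mechanism on clipped values."""
    clipped = [clip(v) for v in values]
    # Replacing one user's reading moves the mean by at most this much.
    sensitivity = (UPPER - LOWER) / len(clipped)
    true_mean = sum(clipped) / len(clipped)
    return true_mean + laplace_noise(sensitivity / epsilon, rng)

def mean_abs_error(values, epsilon, trials=2000, seed=1):
    """Average distance between the private release and the true mean."""
    rng = random.Random(seed)
    true_mean = sum(clip(v) for v in values) / len(values)
    total = 0.0
    for _ in range(trials):
        total += abs(private_mean(values, epsilon, rng) - true_mean)
    return total / trials

if __name__ == "__main__":
    cohort = make_cohort(100)
    # Smaller epsilon means stronger privacy and a noisier answer.
    for eps in (0.05, 0.5, 5.0):
        err = mean_abs_error(cohort, eps)
        print(f"epsilon={eps:<5} mean abs error={err:.3f} uV^2")
```

With 100 users and a 50 uV^2 range, the expected error equals the noise scale 0.5/epsilon, so each tenfold tightening of epsilon costs roughly a tenfold loss in accuracy.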

Anticipating the role BCIs will play in our future society, researchers have begun forming frameworks of thought for evaluating privacy and security of such applications. If BCIs are the future, this vein of investigation will need to become more thorough. 


Vicki Xu is an AB/SM student in the School of Engineering and Applied Sciences, where she is studying computer science, mathematics, and their ties to privacy. You can find her on Twitter as @vicku__.

Corena Loeb is a Ph.D. student in the Harvard-MIT program in Speech, Hearing, Bioscience and Technology.

Cover image by u_91c4jx8lri from pixabay.

For more information:

  • For more about the safety and security of BCIs, click here
  • To read more about the BCI field’s direction, check out this article
  • Read more here about BCIs in video games and their limitations.
  • For ideas on potential social consequences of BCIs, read here.
