Feature
Could brain-computer interfaces be hacked?
There is still a long way to go before neural chips are commonplace in clinics, but the cybersecurity of these devices is already a real concern, writes Robert Barrie.
Credit: Malte Mueller / Getty Images
You can’t get very far in a science fiction film catalogue without seeing the mention of a neural implant. In truth, one need not look too far in the real world either.
Indeed, the medical world has had implanted brain devices for a while, but a new type of technology – brain-computer interfaces (BCIs) – is creating a very different avenue of neuronal exploration.
Elon Musk’s Neuralink is perhaps the most famous company trialling the technology. The businessman recently announced on X (formerly Twitter) that the first human had successfully been implanted with the chip. The first product from the company will aptly be called ‘Telepathy’.
But Neuralink is by no means the only company spearheading this new frontier of neural communication and it will not be the only company to face challenges rolling out the tech either.
Clinical landscape
BCIs, also called brain-machine interfaces, are chips implanted in brain tissue that take brain signals and translate them into commands. The measured signals, which can be described as ‘thoughts’, are relayed to a secondary, external device which then carries out a specific function. At the moment, the main application is in the neuromuscular field – helping paralysed patients move muscles.
The technology has come a long way since the first tests conducted with BCIs in the early 1970s. Companies and academic institutions are at various stages of clinical development. Neuralink, for example, is only at the start of its human trial since gaining US Food and Drug Administration (FDA) approval last year for the study.
Other devices have already been tested in paralysed patients. BrainGate has developed one of the more mature BCIs. The company published results in Neurology indicating a good long-term safety profile and has previously shown positive proof-of-concept demonstrations. US-based Synchron completed patient enrolment in an early feasibility study for its BCI in September 2023.
Also generating waves in the space is Clinatec – a biomedical research centre located on the CEA campus in Grenoble, France. The company’s device, Wimagine, is semi-invasive as it sits on the surface of the brain using 64 electrodes to measure activity from the motor cortex. In 2019, Wimagine was used to help a tetraplegic patient fitted with an exoskeleton to walk. The company has partnered with Onward to use the latter’s spinal cord stimulation technology.
“When a patient imagines moving a leg or arm, the goal is to decode this brain activity in real-time to control different effectors such as an exoskeleton or a stimulator at the spinal cord,” says Guillaume Charvet, head of the BCI project at Clinatec.
In May 2023, Clinatec published results in Nature demonstrating its device helped restore communication between the brain and spinal cord. As a result of the implant, a patient with chronic tetraplegia was able to stand and walk naturally.
BCIs could unlock a plethora of therapies for patients. Facilitating signalling to an output device, BCIs harness brain signalling, as opposed to using normal neuromuscular pathways.
“Our technology was designed to be compatible with different kinds of effectors. This is not only exoskeletons or spinal cord stimulators, but also wheelchairs or robotics arms for example. The goal of our research activities is to demonstrate that the BCI can exert a high level of control based on cortical signals," Charvet says.
When will BCIs reach the market?
The short answer is that there is no precise timeline. A more accurate outlook will become apparent after clinical trials progress, both in stage and in recruitment size. Devices are still at a relatively immature stage and the long-term effects are unknown. There is also the question of how regulation will deal with a technology that has captured so much public interest. Similar to the weight loss drugs seen in the pharmaceutical sector, scrutiny is heightened when commentary is plentiful.
“Even accounting for large error bars, we could see use and acceptance in the next decade,” says Brian Jamieson, CTO and founder of BCI company Diagnostic Biochips.
Clinatec’s Guillaume Charvet gives a similar estimate: “We need five to eight years more for our technology to reach a large population at the market.”
Perhaps to see its future market, it is necessary to look at BCIs' past foundations. Despite the buzz around the tech, related technology has been around for decades. The idea of invasive or semi-invasive brain devices is a continuation of previous technology, as Jamieson explains.
“BCIs are not as brand new as you might believe from reading commentary. Deep brain stimulation, for example, has been approved by the FDA since 2002," Jamieson says.
"We've had a long time to deal with the safety side of [these kind of devices]. BCIs will be much of the same, it will be centred around safety and efficacy. I suspect that [brain recording devices] form a pretty good base of predicate devices for most future BCIs."
The US Food and Drug Administration (FDA) has already singled BCIs out, however, issuing guidance on their research and development. The agency shared its thoughts on a range of topics to help guide companies that are clinically testing devices. The FDA has remained tight-lipped on regulatory stipulates.
Jamieson says that, as ever with implanted devices, the risk-benefit ratio is critical: “The billion-dollar question is can we create a BCI that has really meaningful impact on the lives of people?"
That ratio will become apparent when companies release larger clinical datasets with longer follow-up.
With public interest in Neuralink inevitably high, the company’s activities could dictate the perception of BCIs. Neuralink being under federal investigation by the US Department of Agriculture for potentially violating the Animal Welfare Act, for example, will not help how the device’s development is viewed. Investors are not being put off however, with Neuralink accruing over half a billion dollars in funding since its inception in 2017, including a recent financing round of $280m.
Credit: @GipsyHillBrew / X
Cybersecurity – real or exaggerated?
Perhaps the most telling response to Neuralink’s successful first implantation was ironically on Musk-owned X (formerly Twitter). Under the businessman’s announcement was a plethora of replies linking memes about the security of the chips.
The most-liked reply was a collage of Rick Astley from the music video to the song “Never Gonna Give You Up” playing in a woman’s head with the tagline ‘When your Neuralink chip gets hacked’.
Is the threat real? Dr Sergio López Bernal, a postdoctoral researcher at the University of Murcia’s cybersecurity and data Science Lab (CyberDataLab) in Spain, thinks so.
“If we continue this trend in which the technology is moving in an accelerated way, then we will face real concerns in terms of some security," Dr Bernal says.
Dr Bernal explains that brain waves contain lots of sensitive information. Science has shown that specific neurons can respond to specific stimuli, and there is the potential for extrapolation to harness sensitive data. However, such a readout would require a controlled environment with a specific setup.
Indeed, Dr Bernal and his team have simulated cyber-attacks on BCIs and have inferred discrete information. The reality is that in today’s world, technology simply does not yet exist coherently to read broad-ranging thoughts.
“With technology available right now, we are getting aggregate information which is noisy. It’s very difficult to get any kind of meaningful information,” Dr Bernal says.
Regardless of the risk level of threat, cybersecurity will have a significant impact on BCI development. BCIs will be held to the same standard as classic medical devices. The FDA has recognised the importance of securing devices from outside threats and implemented stricter cybersecurity requirements for companies submitting approval applications last year.
“There are technical concerns because a cybersecurity function like data encryption, for example, requires additional compute cycles, which then requires additional memory and processor power, which in turn requires additional battery capacity. This is challenging in devices with capacity constraints,” says Axel Wirth, chief security strategist at MedCrypt – a company that provides data security for medical devices.
In devices such as BCIs where size is strictly constrained, implementing security features will be a challenge. As with most investigational device exemptions, full cybersecurity measures are waived in the research phase. But it will be a problem companies will have to tackle at some point in the development cycle.
Clinatec’s Guillaume Charvet quipped that the company will utilise the services of the cybersecurity research lab down the road on its campus, though confirmed cybersecurity is a consideration later down the development path: “We don't specifically address this question at this clinical trial stage.”
Like Dr Bernal, Wirth believes the technology to coherently “read thoughts” via attacks on these devices is not at a mature enough stage.
“The [main concerns] are about data being gathered. Could somebody read my brainwaves? It’s not easy to make sense of brainwaves and translate them to actual thinking. It's not that simple," Wirth says.
Wirth does not rule out attacks though, hinting at more fundamental – but just as dangerous – electronic invasions.
“Could there be attack scenarios where somebody would, for example, send the device into a continual communication mode which would deplete the battery quicker? It’s certainly possible," Wirth adds.
Amidst public hesitancy at best and public distrust and worst, Wirth quelled fears as to how frequent attacks could be. Unlike open-network hospital systems, BCIs are closed systems and do not present an easy target. Indeed, hospitals suffer far more data breaches than medical devices.
Wirth concludes by saying: “Once the devices enter more mainstream use outside of hospital settings, attacks are indeed perceivable, but not likely.”