By: Cheng Lai Ki
On July 25 2013, renowned hacker and information security expert Barnaby Jack was discovered dead at his San Francisco apartment. As a bearer of an implanted device himself, he was known for exposing security vulnerabilities of implanted medical devices, such as in insulin pumps ‘that could be [programmed] to dispense a fatal dose by a hacker 300ft away.’ His exposé has even led some medial companies to review the cybersecurity protocols of their products. Jack’s work has undoubtedly uncovered an important but under-discussed area of cybersecurity: cybernetics and brainjacking.
Cybernetics was coined in 1948 by Norbert Wiener in his book Cybernetics: or Control and Communication in the Animal and the Machine and inspired an entire generation of engineers and technical enthusiasts. More recently, David Mindel defined cybernetics as ‘the study of human/machine interaction guided by the principle that numerous different types of systems can be studied according to principles of feedback, control and communication.’ At its core, cybernetics simply represents the interaction between man and machine, a concept elucidated by Thomas Rid in his new book: Rise of the Machines: A Cybernetic History.
As our technological capabilities continue to advance, so too does the importance of cybernetics. While our understanding of cybernetics remains vital within cybersecurity domains, Barnaby’s work emphasized the increasing man-machine merger and the need to review security systems of medical and augmentative devices. Today, medical and defence communities have progressively developed advanced prosthetics through ‘taking advantage of the latest robotic technologies to enable [individuals] injured in battle to lead normal lives [and even regain capabilities] better than the original limb’. With current technology, prosthetics have come to replicate internal biological function (i.e. pacemakers), information-processing functions (i.e. optical implants) and interactive functions (i.e. robotic hands). Fictionally reflected by Robin Williams’s character in the Bicentennial Man (2002), almost all internal organs and external limbs can be technologically replicated. In a prepared brief for the 2013 Black Hat conference, Barnaby Jack wrote: ‘[i]n 2006 approximately 350,000 pacemakers and 173,000 ICDs (Implantable Cardioverter Defibrillators) were implanted in the US alone…[t]oday there are well over 3 million pacemakers and over 1.7 million ICD’s in use.’ The fictional idea of the ‘cyborg’ (an entity which is both man and machine) is not looking so fictional anymore.
Currently, most devices and prosthetics do not require a direct neurological connection. Insulin pumps and pacemakers are connected to a small programmable logic controller (PLC) to regulate the dosages of insulin required for optimal organ functionality. The cybersecurity considerations of such devices are similar to those of other PLC dependent systems that also regulate fluids and/or voltages (i.e. hydroelectric dams). While the focus on this category within cybersecurity has been around for a while – especially since the discovery of the StuxNet worm and its effects on the Iranian uranium enrichment facility in Natanz – absent is a greater focus on neuro-linked devices.
According to an article by João Mediros in WIRED, advanced and personalised prosthetics for amputees are becoming more affordable and readily available. Most importantly, as Barnaby’s research has discovered, commercially available prosthetics are becoming increasingly programmable – guided by convenience and marketing ideals. Currently, most prosthetics operate with external sensors. However, technologists have made significant strides in developing ones operated from implanted neurological sensors. For example, the LifeHand2, was developed with a technique called intracortical microstimulation where neuro impulses can be mapped and subsequently used to define the elicitation of body movements depending upon the stimulus, directly relaying real-time information and sensory feedback for the amputee. This exposes augmented humans to a ‘bio-cybersecurity’ issue of human-hacking – in the literal sense.
Termed in a World Neurosurgery article published in August 2016, brainjacking refers to the act of corrupting neurological implants with malicious codes to exert involuntary control of motor functions or impulse control systems within the patient/host. On a technical level, neurological implants convert digitised code into neuro-electric impulses mirroring those fired by neurons (brain cells). If the PLCs within these neuro-implants convert digital code into electric impulses, a carefully outlined line of code could potentially create the right levels of neuro-stimuli that could – in effect – be used to blackmail, control, inhibit or even kill the individual.
A Bio-Cybersecurity Concern?
The cybersecurity community must take steps to ensure that neuromodulation-based platforms are protected on a digital level. As highlighted in Barnaby’s work, wireless and programmable components with prosthetics and medical implants possess their own computer vulnerabilities that can be exploited by malicious actors. This bio-cybersecurity concern must be addressed when, like most technology throughout human history (i.e. ARPANET – the processor to the Internet), advanced prosthetics are developed for various military projects.
Such projects include DARPA’s Reliable Neural-Interface Technology (RE-NET) program, that are developing high-performance neurological interfaces for advanced prosthetics. Soldiers and other civil-servicemen require the full faculties of their brains in order to carry out their missions – usually in highly stressful and hazardous environments. As such, security and operational ramifications of a faulty prosthesis (and by extension an augmented solider) is no different from that of a faulty transmission signal or virus infection aboard autonomous or remote-controlled platforms (i.e. drones).
Humans have consistently used technology for capability enhancement and augmentation. For individuals who have lost limbs or full-functionality of various bodily components, technological advancements have given rise to adaptive (and upgradable) prosthetics and implanted devices to help them regain full functionality. There is no doubt that advanced prosthetics can significantly improve the lives of individuals who have lost their limbs or have diminished functionality. However, with more platforms being biologically integrated, cybersecurity practitioners and prosthetic technicians are now faced with a hybridised domain of security considerations – both biological and technological. Within the increasing number of bio-technological devices, biologists and technical specialists need to collectively address the uncomfortable possibilities potentially afflicting an ever growing cyborg community – before it’s too late.
Cheng served as an Amour Officer and Training Instructor at the Armour Training Institute (ATI) in the Singapore Armed Forces (SAF) and now possesses reservist status. His master’s research revolves around security considerations within the Asia-Pacific Region and more specifically around areas of Cybersecurity, Maritime Security and Intelligence Studies. His Master’s thesis explores the characteristics and trends defining China’s emerging cybersecurity and cyberwarfare capabilities. He participated in the April 2016 9/12 Cyber Student Challenge in Geneva and was published in IHS Janes’s Intelligence Review in May 2016. You can follow him on Twitter @LK_Cheng
 Mindel, D.A. ‘Cybernetics: Knowledge domains in Engineering Systems’, MIT, Available from: http://web.mit.edu/esd.83/www/notebook/Cybernetics.PDF, (Fall, 2000)
 Rid, T. Rise of the Machines: A Cybernetic History, (W.W. Norton & Company: New York), 2016.
 Mediros, J. ‘Humans Becoming Bionic: The next generation of prosthetics will be bespoke, adaptable – even desirable’, The WIRED World in 2016, (2016), pp. 55 – 56
Image Source : United States Navy, ‘Modular Prosthetic Limb’, Available from: https://commons.wikimedia.org/wiki/File:Flickr_-_Official_U.S._Navy_Imagery_-_The_Modular_Prosthetic_Limb_(MPL)..jpg (Mar 23 2012)
Image Source : LifeHand2, http://www.discovery-zone.com/technology-amputee-feels-real-time-bionic-hand/ (Oct 1 2016)
Cheng Lai Ki
Cheng Lai Ki is a Freelance Intelligence Analyst in Singapore and works in the field of cybersecurity, geopolitical risk and international security. He has an MA in Intelligence and International Security from King's College London and was a former Managing Editor at StrifeBlog.