Newsletter 8/17/2025 If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal

Riddle Me This: When Is a Tattoo Not a Tattoo?
When the Tattoo is a Biological Computer Interface, Part 2


Part 2:  The Inherent Risks of Bio-Connectivity Technology

It seems axiomatic that Bio-Connectivity Technology comes with several inherent risk factors.  Beyond the obvious assimilation of all of humanity into a Borg-like collective hive, the technology itself relies on systems that are themselves not secure.  In an article titled, "Brain-computer interfaces (BCI) are vulnerable to cyber attacks and need security and safety measures," published March 12, 2023, author Rajesh Uppal posits that the entities developing this technology for a mass market are increasingly employing wireless technology within their various BCI applications.  Thus, a compromised wireless device could well become the attack vector for a connected BCI.

First on this list of vulnerable wireless technologies is the Bluetooth technology upon which rests the connection between the Brain Computer Interface and the human user.

An article appeared in Forbes, February 20, 2025, titled, "11 Types Of Bluetooth Attacks And How To Protect Your Devices."  Author Alex Vakulov lists several vulnerabilities of Bluetooth that could directly impact a user with a BCI.  Among them are:

1.  BlueJacking, which involves "sending unsolicited messages to a Bluetooth-enabled device," that could cause BCI users to experience sights and sounds that do not exist in reality.  Imagine the driver of a car seeing another automobile coming right at them and making dangerous maneuvers to avoid an accident but, in reality, causing an actual crash.
2.  BlueBugging allows a hacker to gain control of the Bluetooth connected device.  As Vakulov states it, "With this access, the attacker can execute actions on the device as if they were the legitimate owner, effectively taking full control."
3.  BlueBorne is a collection of Bluetooth vulnerabilities that allows malware to infect the device.  When a computer becomes infected with malware, the problem can be mitigated by simply wiping all data from the root drive and then restoring the operating system, applications, and data.  When the malware has infected a person's organic nervous system, simply wiping and reloading is not really practical or even possible.
4.  Reflection Attack is when an attacker "impersonates a Bluetooth device by reflecting or relaying its authentication data."  Data can then be intercepted by an attacker.  In this scenario, the thoughts of a user of a BCI might not remain private. Indeed, the user may lose all control over the BCI device and its actions.

Vakulov lists 18 steps Bluetooth users can employ to protect their devices.  None of these steps, however, would apply to a BCI interface.  For instance, how does one "Regularly update your devices to ensure they have the latest security patches against known vulnerabilities," when the device is embedded inside a human body?  In the research for this series, although the importance of keeping BCI applications current is frequently mentioned, I had read nothing about how to actually update the software.  Another step suggested by Vakulov to protect Bluetooth users is to "Use security software on your devices to detect and block Bluetooth-related malware or worms."  Again, there is no mention in the literature about antivirus software or firewalls for BCI devices.

A term often given for the compromise of BCI systems is neural hacking.  In the literature of BCI technologies, the acknowledgement of neural hacking is coming into clearer focus.  An undated article published in Presence Secure offers an excellent primer on the subject of neural hacking.  Titled, "The Rise of Neural Hacking: Ethical Dilemmas in Brain-Computer Interface Security," author Faith Peter defines neural hacking as, "the unauthorized access or manipulation of neural data through BCIs."

Peter also states what anyone who has been involved with computer technology for the last several years instinctually knows.

Like all technologies, BCIs are not without their loopholes. As much as they promise to revolutionize lives, they also introduce vulnerabilities that could lead to neural hacking—a threat unlike anything humanity has faced before.  

Lying at the heart of securing private data accessed through BCIs is the fact that "Neural data is unique to each individual, making it difficult to detect and prevent unauthorized access."  Peter lists five areas of concern with neural hacking.

1.  Cognitive Privacy at Risk.  Our thoughts are, or should be, private and restricted to ourselves or those with whom we wish to share them.  If not secure, our thoughts are liable to misuse by "hackers, corporations, or governments."
2.  Threat to Autonomy.   Peter offers the example of when a "prosthetic limb or communication device is hijacked, leaving the user powerless."  
3.  Weaponization of BCIs.  In this scenario, "Governments or malicious entities could misuse BCIs for surveillance, coercion, or even warfare, making it essential to establish clear boundaries for their use."
4.  Inequality in Security.  As is the case in traditional computing today, "Wealthier individuals may afford better protections, while vulnerable populations remain exposed to greater risks." 

So, although the technologies surrounding BCIs might be novel, the application of this new technology faces risks very similar to traditional computing.

Security professionals in traditional computing often focus on the risks associated with what are called backdoors.  As defined by CrowdStrike, "A backdoor attack is a clandestine method of sidestepping normal authentication procedures to gain unauthorized access to a system."  The backdoor attack "involves exploiting system weaknesses or installing malicious software that creates an entry point for the attacker."  In BCI technology, a neural backdoor could interfere with a person's perception of reality, and thus the victim's behavior.  In a bio-integrated system, the outcome of a neural backdoor might well be external manipulation of what a victim sees, hears, or experiences.

Typically, a backdoor attack on BCI technology is a two-stage attack.  As explained in "The Hidden Risks of Brain-Computer Interfaces," published in Simple Science, March 23, 2025, an attacker must first somehow insert a "small number of contaminated EEG signals" into the data set.  These contaminated signals hold a hidden pattern that acts as a key.  The system will then recognize this pattern as a legitimate part of its data set.  This creates the secret backdoor that allows the attacker access to the BCI and the potential to manipulate the data set.  In the second stage of the backdoor attack, any normal EEG signal can be compromised by application of the hidden key.  The system will now recognize the attacker's signal as legitimate, giving control of the BCI and its output over to the attacker.
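A defender's view of the first stage described above, as an added example that is not from the article or the source it cites: it screens a labelled training set for a few epochs that sit far from their label's median template and share a common residual. The synthetic signals, the pulse-train `key`, the thresholds, and all function names are constructed for illustration.

```python
import math
import random
from statistics import median
N = 64  # samples per constructed epoch

def make_dataset(seed=7):
    """Constructed data: 40 clean epochs per label plus 4 contaminated ones."""
    rng = random.Random(seed)
    template = {0: [math.sin(2 * math.pi * 4 * t / N) for t in range(N)],
                1: [math.sin(2 * math.pi * 9 * t / N) for t in range(N)]}
    key = [1.5 if t % 8 == 0 else 0.0 for t in range(N)]  # hypothetical hidden pattern
    def noisy(base):
        return [v + rng.gauss(0, 0.3) for v in base]
    # Third tuple field is ground truth, used only to check the screen.
    data = [(noisy(template[lab]), lab, False) for lab in (0, 1) for _ in range(40)]
    # Contaminated epochs: label-0 activity plus the key, filed under label 1.
    data += [([a + k for a, k in zip(noisy(template[0]), key)], 1, True)
             for _ in range(4)]
    rng.shuffle(data)
    return data

def correlation(a, b):
    """Pearson correlation of two equal-length sequences."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0

def screen(data, k=12.0):
    """Flag epochs whose residual energy exceeds median + k*MAD for their label."""
    flagged, residuals = [], {}
    for lab in sorted({label for _, label, _ in data}):
        idx = [i for i, (_, label, _) in enumerate(data) if label == lab]
        robust = [median(data[i][0][t] for i in idx) for t in range(N)]
        res = {i: [x - r for x, r in zip(data[i][0], robust)] for i in idx}
        energy = {i: sum(v * v for v in r) for i, r in res.items()}
        med = median(energy.values())
        mad = median(abs(e - med) for e in energy.values()) or 1e-9
        for i in idx:
            if energy[i] > med + k * mad:
                flagged.append(i)
                residuals[i] = res[i]
    # High mean correlation among flagged residuals points to one shared pattern.
    pairs = [(a, b) for n, a in enumerate(flagged) for b in flagged[n + 1:]]
    shared = (sum(correlation(residuals[a], residuals[b]) for a, b in pairs)
              / len(pairs)) if pairs else 0.0
    return sorted(flagged), shared

if __name__ == "__main__":
    flagged, shared = screen(make_dataset())
    print(f"flagged epochs: {flagged}, shared-pattern correlation: {shared:.2f}")
```

A high correlation among the flagged residuals means the outliers repeat one pattern rather than being unrelated recording artifacts, which is the cue to quarantine them before the data is used.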

In its section titled, "Challenges related to BCI data," the GAO report cited in Part 1 of this two-part series noted that security risks associated with BCI technology are greater when BCIs are not employed in "a controlled laboratory environment."  In other words, the risks grow when BCI technology becomes a consumer-oriented product as ubiquitous as the smartphone is today.

Conclusion

I have long maintained that as any new technology is adopted by a greater percentage of the consumer public, that technology soon devolves down to the lowest common denominator.  Cory Doctorow has coined a term that describes the downward spiral of technical innovation strangled by wanton consumerism with one word: "Enshittification."  The process of Enshittification also describes "How Platforms Die."  Doctorow summarized his thesis in a Wired magazine article, titled, "The ‘Enshittification’ of TikTok: Or how, exactly, platforms die," dated January 23, 2023.  Using TikTok as his example, Doctorow states his central thesis:

For many years, even TikTok's critics grudgingly admitted that no matter how surveillant and creepy it was, it was really good at guessing what you wanted to see. But TikTok couldn't resist the temptation to show you the things it wants you to see rather than what you want to see. The enshittification has begun, and now it is unlikely to stop.

A succinct summary of the inevitable process of Enshittification is offered as a handout by Pat Hocking.  Its title is, "Enshittification: How Modern Platforms Decline."  Hocking synthesizes the process down to four steps.
•  User-Focused Growth: A company offers a great product or service, attracting many happy users with useful features and solid value.
•  Revenue-Focused Growth: To start making money, the company increases ads, fees, or premium options, but still maintains a generally good experience for users.
•  Bait and Switch: The company begins cutting components—features are removed, ads are added, and users are asked to pay for more—while still claiming to offer the same service.
•  Endstate: Eventually, the platform becomes unusable or less enjoyable, and users are stuck with a worse experience or leave the platform.
 

In our present time, we see Artificial Intelligence accelerating through the Enshittification process. Currently, I see AI at stage two of the process with stage three on a not too distant horizon. Almost inevitably, AI has increasingly become a security threat to its users.

Of course, Brain Computer Interface technology is nowhere near a consumer-oriented mass market product. Yet, as stated in the Introduction of this series, Bill Gates believes we will all soon be liberated (or encumbered) by BCI products. That may well be a new bright future, but the inevitability of Enshittification argues otherwise.

I'd sacrifice anything come what might
For the sake of havin' you near 
In spite of a warnin' voice that comes in the night
And repeats, repeats in my ear:
Don't you know, little fool, you never can win?
— I've Got You Under My Skin, Frank Sinatra
 Song Writer: Cole Porter

¯\_(ツ)_/¯¯
Gerald Reiff