 So, thing one, I'm not just going to talk about brain implants, initially I was going to do that and then I realized it would be really boring because there are so many other cool brain things I can talk about. Thing two, I am only just getting into the whole security side of the hacking thing, so I mostly know how to play with brains and I'm hoping I just give you all a bunch of really terrible ideas for how you can hack brain things as well. So as a few caveats, I'm going to be mostly focused on consumer devices in no small part because medical devices are much more complicated in terms of regulation and I don't want to accidentally give you terrible ideas for how to hack medical devices without having gone through any appropriate channels for doing so. In the interest of time, I'm just going to talk about electrical brain signals because they are the most portable, so for instance I have an electrical brain signal scanner here called an EEG device. You can't really do that with MRIs at the moment. If anyone here is working on room temperature superconductors, maybe you can do that, but I cannot. I'm only going to be focusing on really big picture security issues, so I'm not going to be talking about any level, low level code things or any specific chip sets. Just going to be focusing on like what happens if you happen to intercept someone's brain signals coming from one of these devices and my talk is going to be extremely neurocentric, but know that most of the issues I'm talking about apply to most wearable bio devices and a lot of them just apply to computer devices in general. I'm sure a lot of the actual security component of this will be very familiar to you from other systems. Okay, so in order to orient you a little bit into the world of neuroscience, I'm going to be talking about neuro technology. This usually starts at the level of brain signals. Some kind of signal processing has to go into it. 
It gets piped into a feedback device, and once you have that feedback device, it can either be piped back to your brain as either an electrical brain signal for brain stimulation, as some kind of visual feedback, or you can also do cool things like pipe it to someone else's brain so there's no reason that you can't use the brain activity in your brain to stimulate someone else's. And there are two main things that are going to come up throughout this presentation. One of them is physical safety. So keeping in mind what sorts of things can actually compromise your safety if you have electrodes implanted in your brain and connected to the internet. And sorry, the other major one is privacy. So obviously your brain signals make up a big component of who you are and your thoughts and so on. And it is not to say that there is any kind of direct mind reading technology, there is still lots of very useful, very personal information that you could accidentally divulge while wearing one of these devices. All right. A little bit of brain anatomy to get started. How many people have heard of neurons? Assuming the rest of you have mostly spoken in French and don't know the specific word. So neurons, individual cells of the brain, they work on something called chemo-electric coupling. So you have electrical impulses that lead to the release of neurotransmitters, things like dopamine or adrenaline, that control most of the aspects of how your brain works. These are oriented in what are called cortical columns. And the reason this is important is because when you get lots and lots of these tiny electrical impulses summing together, they create a larger electrical potential that you can then measure from the surface of your head instead of having to go directly into the brain in order to detect the signal. And then these cortical columns are all arranged into the rest of your brain. And the actual electrical component is called an action potential. This is what it looks like. 
This is just to give you an idea of the types of voltages that you're working with. So each individual action potential goes to about plus 30 millivolts. And the resting membrane potential inside your brain is usually at about negative 70. The reason that's important, as we will get to later, is because if you then run a current into your brain, you can change this resting potential, which then kind of changes the way that your brain works. And different parts of the brain obviously do very different things. So where you have electrodes placed is going to make a big difference. Got kind of here. This is a brain looked at from the left-hand side. Your eye would be somewhere around there inside your head. Some of the more important ones here in blue, you've got what's called primary motor cortex. So there you actually have brain regions that represent the different parts of your body. If you stimulate them, you can do things like make your hands twitch. Or behind it, you've got primary somatosensory cortex. So if you stimulate the hand area of that, you could feel things in your hands, even though nothing's actually touching your hands. Back here, you've got primary visual cortex. If you were to stick an electrode in there and start stimulating, you can make people see flashing lights. You don't even really need to stick an electrode in there. If you run a stimulation externally, you can also see flashing orbs. It's good. And then you have your deep brain structures. These are the ones that are controlling things that are more like emotions or memory, those are found lower into your brain. And to affect those, you need to have devices that are much more invasive. Okay, so I'm going to start with the technologies that let you read from the brain. And then we'll have a separate section for the ones that what I'm calling write to the brain or affect the brain using electrical potentials. And these vary in degrees of invasiveness. 
So you can have the fully external EEG devices. Again, you can carry them around with you, plaster them on your forehead. Super, super non-invasive. There really aren't many safety concerns in using those, unless the circuit is very poorly constructed. I have made that mistake before, accidentally running a current back through the electrode still really hurts. Yes, then you have electrocorticography. And for that one, you remove parts of the skull and place the electrodes directly onto the brain. As a warning, if anyone has a problem with images of blood or things like that, I do at some point have a picture of an exposed brain. Just to be aware. And then you can go even deeper into the brain and have electrodes implanted directly into the cortex and get very, very specific information from very small populations of neurons. And the signals that you get look very similar. The EEG is going to be the messier of the signals, because your brain is also covered by fluid, which is electrically conductive. So you have all of these billions of neurons generating very small electrical potentials, which are then being obscured by the brain tissues and by this fluid that is constantly moving around. And then a few different layers of tissue plus your skull plus your hair. The signals get very messy. Electrocorticography lets you bypass some of that. But the scale of the signal that you can collect is much smaller because you don't want to take off someone's entire skull just to record clean brain signals, I hope. And then the individual electrodes are even more invasive, so you usually get information from an even smaller population. So to sum up about EEG, electrical activity sums together. These are what some of the fancier caps look like in a research setting that is a 128 electrode device. As contrasted with the one electrode device that I have here with me today. But you get everything in between in terms of sophistication. You can detect stuff from the scalp. 
It's difficult to localize because of all this smearing from different tissues. But you get super, super precise timing. And this is what a lot of the really interesting things hinge on. So you get millisecond precision in terms of recording something and relating it to what's actually happening in the real world. And for the wireless devices, signals are usually transmitted one of three ways. They usually go through Bluetooth, radio frequency, or Wi-Fi. It varies depending on what the use case is. The trend is towards using Bluetooth low energy for the newer devices since power consumption for something that's recording that much data, it's usually like 10 kilohertz or so. So having something that has a very, very long battery life and minimal power consumption is very important. So what are some of the cool signals you can get if you do happen to have some kind of way to intercept these Bluetooth low energy signals? This is called the P300. And the P300 is a signal that carries information about what you are attending to. So what you see on the right is what's called a P300 speller. If you had no way to spell something other than your brain signals, which is often the case in clinical contexts with patients that have something called locked-in syndrome, where you can't move absolutely anything, even like eye blinks or eye trackers are out of the question. What you can do is just fixate on one of those letters and you scan your brain signals. And whenever the one that you are focusing on comes up, you're gonna get this characteristic P300 response. Which is extremely useful in a clinical context. It also means that you can do things like if you present an array of faces, you can figure out which of them people are looking at the most. Or in like a visual scene, if you get enough information, you can tell what thing in that visual scene people were looking at. 
Which is why you might want to be extra careful about what information you are storing and what databases while you are looking at things. The thing about this though is that it is very important to have synchronized data. So you would have to go through some effort to get a camera that is fully synchronized with the recording device. You can also get something called an N400. And this one is more an index of familiarity than it is an index of attention. Which gets extra interesting. So here this is one of the classical studies that you can do to elicit the N400 response where you present someone a sentence, "The pizza was too hot to...", and then they get a series of words and you look at their brain response to each of the words to figure out which of them makes the most sense. Which also means that you can use it as something like a biometric password. So a lot of the brain based password systems are trying to use the N400 response because if you flash someone like ten words and one of those words is their password, you'll be able to tell which of it is, which of them is their password from their brain response to it. And then be able to use that as a form of authentication, which is very neat. The other interesting implication of something like the N400 is, again, if you were to flash someone a series of faces say at an airport and then see which of the faces seemed the most familiar to them. You could also try to use this as some kind of like extra security measure to see who is most familiar with whose faces. Which is a bit of an issue because people can be familiar with faces for a variety of reasons. And one of the themes that comes up continually in brain-computer interfaces is that you need to understand your data if you want to make very strong claims about what you're measuring. 
So if you want to make a claim that someone is more familiar with someone's face because they're friends with them, you should make sure that they're not responding to their face because they've seen it over and over again in the news or the like. You can also do a different type of analysis just looking at the frequencies carried in the signals. And this is the one that's probably the more relevant if you're looking at like intercepting the signals and trying to figure out what's going on with them without having this very highly synchronized time stamping of like what they were looking at compared to what their brain is saying. So these you just do like a Fourier transform on the raw signal and you're going to get all of these different energies and different frequency bands and those carry information about like drowsiness or how alert you are, how concentrated you are, how stressed you are. You can also get neat things about like facial movements. So you can tell if someone's jaw was clenched. You can tell like what rate they were blinking at. You can very easily tell if they were asleep. That's the clearest one. And the use cases for these range from like the super, super fun to the kind of sketchy in my opinion. So the super fun is like you can use these and connect them to a pair of cat ears. And if you're like paying attention to something, your cat ears perk up. It's really neat. If you stop paying attention, your ears start drooping. But also one of the more common avenues of research for future applications is for employee monitoring, making sure people are alert while they're doing their jobs. This is a picture of a safety helmet that actually has EEG implanted. If you look like behind his ear, you can see the tail bit of an EEG device that's connecting. 
And so this is an experiment going on in a factory in China where they're actually looking to see if they can improve factory productivity by moving people around when they're bored, which is potentially a very good use case, but is also generating a lot of data that might not necessarily be useful enough to outweigh some of the privacy concerns inherent in continually scanning all of your employees' brainwaves while they do their work. So to summarize the risks and consequences of this type of thing, safety risks, again, if the devices are built properly, the risks should be extremely low. Privacy risks are actually a little bit on the high side, especially if you are piping it through something like your phone. So you do have really synchronized GPS data along with potentially whether you're walking where you are, all of that. It's not directly mind reading, so we're not going to be able to intercept what words people are thinking directly, although if they do happen to be typing a lot of things and all of a sudden type their password, you might be able to figure out that they just typed their password. So yeah, you might accidentally divulge what information is actually important to you. And then there's also the issue of potential disclosure of medical conditions. So epilepsy obviously carries a very characteristic type of brain activity that goes with it, even if it's not directly causing a seizure at that particular time. And if your employer is monitoring your brainwaves all of the time, you might run into some issues where you're accidentally disclosing medical conditions that you didn't necessarily want to. And then you can get even more invasive, which for the time being is only being done in a medical context. 
But there has been a weird amount of press about the future of cognitive enhancement lately, which is one of the reasons I wanted to give this talk and trying to figure out how we can use invasive brain implants to merge with artificial intelligence. So that's where we are. So these look kind of like Velcro and they stick in kind of like Velcro onto the surface of your brain. They're very, very small. This is a specific type of measuring device called the Utah Array. If you want to look it up afterwards, they're difficult to keep in for a long time. Brains, as it turns out, do not like having metal shoved into them. So they start scarring pretty much immediately and it limits the lifespan that you can keep them in for. But again, the signal transmission types are fairly consistent across these devices. So again, Bluetooth low energy is one of the ones that is seemingly more common for some of the new wireless systems that are coming out. And you can get really cool stuff from this, too. Because it is closer to the brain, you can get information that is much more detailed. So in this study, they had someone who was already implanted with these devices for medical reasons. And this was part of, I think, the BCI Olympics last year. And they were trying to get a measure of which finger the person with the implants was flexing. So you can see here with some feature extraction and just like the raw signals, you have fingers 1, 2, 3, 4, 5. And you can get a nice measure of which finger they were thinking of flexing. And then use that to control robotic devices. This is another type of use case where, in this case, what they were doing was using these electrocorticography electrodes to measure while people with traumatic brain injuries were reading a series of words. And in this case, the goal was to predict which of those words they were going to forget and which they were going to remember. 
And so they could actually end up classifying which of the words they were going to remember and which of the words they were going to forget. So that's one of the really cool use cases for implanted electrodes. But of course, these come with more safety risks. So again, the circuits really, really should have some type of current limiting, hard built in. If you are ever involved in the design of these devices in any capacity, please make sure they do. Because the risks of heating up your brain are much higher than the risks of accidentally heating up your skin. If it's for cognitive enhancement purposes, I say the risk is low because it is unlikely that in the current state it will go ahead with actually like implanting these for cognitive enhancement purposes since the benefits in no way really outweigh any of the risks you'd be taking on by implanting electrodes into your brain. But the privacy risks are again even potentially a little bit higher than with EEG devices because the signal is so much cleaner. You get much more specific information about where it's happening in the brain since it's directly on the surface. You can do things like tell what things people are going to remember, what things people are going to forget. And then there's the whole issue of anonymizing this data. Because your brain data is so closely linked to you and because it's unique enough that you can do things like use it as a form of authentication or as a form of identification. It also means that when you generate all of this data, it's very difficult to actually keep it anonymous because if at any point part of your data gets de-anonymized, the rest of it is very easy to de-anonymize afterwards. 
So if you are storing lots of sensitive data, making sure it doesn't have things like meta-information about where you were when it was collected and at what time and at what research institute is quite important, and especially for some of the more portable ones, they are more useful if you have information about what time of day you were using it and where specifically you were using it. But that might also make it much more difficult to store securely. There's a very strong parallel with DNA where it's really difficult to actually keep DNA data anonymous because you continue to generate data sources that are not anonymous all the time since it is actually just little bits of you that are being left places. It was a horrifying way to say that, I'm sorry. So now we're gonna move on to reading from the brain, summarizing the key takeaways from this. Signal transmission is really similar to other wearable devices. So there's nothing that is super, super unique about neuro-technology signal transmission that isn't true of like Fitbits or in the medical context that isn't true of like pacemakers. But the signals that they carry do carry information that is very unique compared to these other wearables or other medical devices, and that information is occasionally quite sensitive or things that could be used maliciously. All right, now we're gonna move on to brain stimulation where the concerns are a little bit flipped where most of the concerns are about things like safety. So you also get all kinds of degrees of invasiveness when it comes to the brain stimulating devices. The least invasive is something called transcranial electrical stimulation where you take basically fancy saline soaked sponges or occasionally literally just saltwater soaked sponges, strap them to your head, connect them to some kind of current generator, usually about like two milliamps. 
And you run the current between the sponges, turns out the path of least resistance is often directly through your brain. Or you have the super invasive deep brain stimulators, which are electrodes implanted directly into deep brain structures, again, for now for clinical purposes. So the reason that running a current through your brain changes things is because of these action potentials. They need to reach a critical threshold before one of these all or nothing events actually happens. And so if you are running a current into an area, you can make it either easier or more difficult for these action potentials to occur. Or you can, depending on where you place the electrodes, make it easier for different brain regions to work in synchrony or more difficult. This is only true for the transcranial direct current stimulation. There are also all types of different stimulating pulses that you can send. So you can send like alternating current pulses as well, which have different effects. Those are mostly for synchronization. So if you, for instance, wanted to promote one of the frequencies that is characteristic of like sleepiness, you could send an electrical current at that frequency and just make it easier for your brain to go into the sleepy state or the more awake state, whichever you prefer. Again, the signals are usually sent over Bluetooth. A lot of the time they're hardwired, especially if it's one of the direct current stimulators because those are basically just a battery with some resistors built in. But a lot of them now are controlled by microcontrollers, which means that if there are any vulnerabilities in those microcontrollers that you can gain access to them, you can change things like the current shape, the current duration, what the maximum allowable current is. 
And if it's one of like, if it is one of the devices that has electrodes in multiple positions at the same time, you could also change things like which part of the brain is being stimulated just by telling it to stimulate in a different spot. So here on the left is an example of one of the things you might wanna do with this type of brain stimulation. What you're looking at here, this little triangle bit is someone's nose and you have just a top-down view of their head. It's called the 10-20 electrode positioning system. In red, you've got a cathode. In black, you've got an anode. So the cathode is like on your forehead. The anode is on your shoulder. This is something called the DARPA accelerated learning paradigm online. Just need to make sure the bunny quotes go in the video. And so this is a paradigm that was used in a study once to help train drone pilots faster where they were looking at a scene and trying to pick out what thing they were trying to actually focus on. And what they did was record their brain activity during like the first chunk of training, figure out which parts of their brain activity were changing as a function of training and then use the electrical brain stimulation to make it change a lot faster. So they were actually managing to bring the training time down by a fair bit using this. On the right, you've got an example of a brain stimulator that I built. You've just got one wire going for the cathode, one for the anode and a little dial to change the current on it. It's very fun. So the safety concerns for this one are quite low. It's not fun to burn yourself with the system, but it's also not really life-threatening. And the effects of the brain stimulation are quite weak. 
They can produce very cool effects, but if you wanted to really stick it to someone and accidentally make the current run from their shoulder to their brain, instead of their brain to their shoulder, worst case, they would learn something a little bit slower instead of a little bit faster. It's unlikely to be a huge issue. It gets to be a bit more of an issue in the clinical context where if someone is using it as their depression treatment, you could potentially actually make their depression a bit worse instead of better, which is just not good. And again, privacy concerns. I have not seen anyone figure out how you can record brain signals directly from the brain stimulation technology. You'd have to build in actual recording systems in order to get some of that information back because the resistance is just way too high from saline-soaked sponges to be able to read the brain signals back. So it's not really a privacy concern. And then you get into the more invasive stuff, the brain implants. So I'm gonna break this down into three different categories. You've got motor sensory, extra sensory, and cognitive. And these are in terms of the effects that they can have on the brain. And again, we're still working with the same type of signal transmission protocols as before. Okay, so this is an example of a sensory implant. It's called the Argus II retinal prosthetic. And what it does is it works much in the same way as a cochlear implant. If you're familiar with those in the context of hearing, we've got a little microphone and it stimulates the cochlea and lets people hear. But in this case, it's got a little camera that then stimulates the retina and lets people see again, which is very neat, but carries some pretty unique privacy implications because in that case, you do have a continuously recording camera and it has to maintain a certain memory bank in order to actually be able to do the correct stimulation at the appropriate time. 
And if anyone remembers how horrifyingly the Google Glass went over in public spaces, people were very upset. There was someone that had it like torn off their face because they didn't like being recorded. So it's definitely something to consider when you are moving towards more invasive implants that if you were to try to remove this, it would cause much more damage than a pair of glasses. And here's someone who was implanted with one of these devices and has since taken up a variety of extreme sports, including archery and heli-skiing. But it works well enough that people can start, you know, making out different shapes or like navigating in the real world, which is very cool. This is an example of one of the movement prosthetics. So in this case, she has electrodes implanted into motor cortex and is using her thoughts to convince this robot, not convince this robot, to directly control this robot so that it lifts up a glass and brings it towards her so that she can have a drink. And this has a few other applications as well. So for now, they've gotten it to like do this. There's also research going on into complete remote robot assistant control. So instead of just controlling an arm that picks up a thing and brings it towards you, ideally people that have these implants would be able to just like send a robot around their house to fetch something from the kitchen or other similarly useful things. Then you can get into some of the more cognitive stuff. This kind of bridges between the movement and the cognitive. What you've got on the left hand side is a mouse that's being driven around with a remote control. So the mouse has electrodes that are implanted to subtly suggest that if it turns the way that the remote control is telling it to, it will get a brain stimulation reward. And these brain stimulation rewards are usually electrodes implanted directly into reward centers of the brain that release dopamine. So it's kind of like electrical cocaine. 
It sounds horrifying. They're really useful for search and rescue. Apparently mice can get lots of places that cars can't. You can also do the same thing with moths. So there are some cool videos online of people like driving moths around because they've been implanted with electrodes. And then on the right you've got something that's kind of similar but in the context of a larger animal. And this is research that was done back in like the 1970s. And it was sort of the first example of brain stimulation being used to control something, where the bull is implanted with electrodes in areas of the brain that are related to aggression and motor planning and a whole bunch of other things. It wasn't a super well controlled study. It was the 70s. And the researcher is actually the one on the right. He's holding a remote control. He decided that the way to test his theory that brain implants could be used to control behavior was to jump into a bullfighting ring with a remote control and a remote controlled bull. Yes. So to summarize risks and consequences, the safety risks are pretty high, especially if the circuits are not built super well or if power consumption becomes an issue, eventually power sources get hot. There's also a risk of infection when you implant these, when you take the implants out. There's always a risk of infection on people's skulls, unsurprisingly. But then it does also carry the additional risk of behavior modification. So it doesn't have to be something as dramatic as the remote controlled mouse in the case of a person. That would be really difficult to do. I'm sure most people would notice if you were subtly giving them suggestions to turn left and then shocking their brains. It's much more easy to do with a mouse. 
But if you are worried about things like hacking cars, if everyone all of a sudden has these brain implants that connect their brains to the Internet, it does also carry the risk that, especially for movement control, you might be able to temporarily take control over someone's arms or something like that. So just making sure that any implants that are doing something useful can also be used to do something not great if someone gains access to them that shouldn't. And again, privacy is a pretty low risk because they are built for stimulating versus recording. And unless you build in recording electrodes, you're not going to be getting information back from them. But you can always build a closed loop system, which has the best of both worlds, but also the worst of both in terms of safety and privacy concerns. So if you remember the study I talked about where they were recording activity during word recall and figuring out which words people were going to forget, the second part of that was actually that they had brain stimulation on hand and were eventually able to train a system to detect when someone was going to forget one of the words that they were reading and apply brain stimulating current to help them not forget it. So they were actually able to significantly increase this thing called free recall in the traumatic brain injury patients, which is really, really cool. So this carries a lot of implications for future directions, especially in terms of non-clinical applications like merging with artificial intelligence, which seems to be the goal of a company called Neuralink, run by Elon Musk. If you haven't looked into it, you should. It's a bit of an interesting read. So in terms of developing these applications, they're still quite far off in no small part because it is very difficult to get ethics approval for implanting things into people's brains unless there's a very compelling clinical reason to do so. 
So what most of the groups that are looking towards human enhancement are doing is working in clinical populations for now and trying to develop new sorts of sensors that will be less risky so that you can move into non-clinical contexts, which carries its own set of ethical concerns with it since historically using people as guinea pigs for the purposes of human enhancement has not gone great. In terms of mitigation strategies, one of the big ones is to keep the hype about what brain-computer interfaces can actually do to a minimum so that people are not likely to take on huge risks for very marginal benefits. So for instance, it is really cool that you can implant things to modify behavior in clinical contexts. That does not necessarily mean that you should go out and try to get a brain implant so that you can remember more words in a day. That is not a particularly great trade-off for having an implanted device in your head. Make sure that people understand their datasets if you do ever get approached to do contracts related to medical devices. Start at the level of what data you're collecting, because if people are storing raw data, you might not necessarily know what sorts of signals you'll be able to predict later on, so making sure that things are secured at every stage, not just at the database storage stage, is important. If at all possible, keep devices off the internet unless there's a very compelling reason not to do so. I feel like that's probably just good advice in general for electronics but especially true for brains. And store data locally as much as possible. Again, you don't necessarily know what sorts of things people will be able to predict from your brain signals in the future, so keeping the data local might be a good plan. Good, so neuro-technology not uniquely vulnerable to hacking but still vulnerable to hacking. The consequences are potentially worse than usual. If it can help you by making your arm move, it can probably also hurt you by making your arm move or any such similar things for all of the types of applications. So maybe think about what use cases you actually need brain stimulation for or brain recording for before incorporating it into things. Good.
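
The mitigation advice in the talk (start from what data you collect, avoid keeping raw signals, keep data local) can be sketched in code; this is an added example, not part of the talk or any device's software. It reduces one window of raw EEG to the frequency-band feature mentioned earlier and drops the raw samples and metadata before anything leaves the device. The sampling rate, band edges, record field names and the signal itself are assumptions constructed for illustration.

```python
import math

FS = 256  # assumed sampling rate in Hz (constructed; real headsets vary)
# Conventional approximate EEG band edges in Hz (an assumption, not from the talk).
BANDS = {"delta": (1, 4), "theta": (4, 8), "alpha": (8, 13), "beta": (13, 30)}


def band_powers(samples, fs=FS, bands=BANDS):
    """Power per frequency band from a plain DFT of one window of samples."""
    n = len(samples)
    mean = sum(samples) / n
    centred = [s - mean for s in samples]  # remove the DC offset
    powers = {name: 0.0 for name in bands}
    for k in range(1, n // 2):
        freq = k * fs / n
        name = next((b for b, (lo, hi) in bands.items() if lo <= freq < hi), None)
        if name is None:
            continue  # bin lies outside every band of interest
        re = sum(v * math.cos(2 * math.pi * k * i / n) for i, v in enumerate(centred))
        im = sum(v * math.sin(2 * math.pi * k * i / n) for i, v in enumerate(centred))
        powers[name] += (re * re + im * im) / (n * n)
    return powers


def minimise(record):
    """Keep only the coarse feature the application needs.

    The raw samples, device id, timestamp and location are deliberately not
    copied into the result, so they are never stored or transmitted.
    """
    powers = band_powers(record["samples"], record["fs"])
    total = sum(powers.values()) or 1.0
    return {
        "dominant_band": max(powers, key=powers.get),
        "band_share": {name: round(p / total, 2) for name, p in powers.items()},
    }


def constructed_record():
    """Two seconds of synthetic signal: strong 10 Hz, weaker 20 Hz and 2 Hz."""
    samples = [
        20 * math.sin(2 * math.pi * 10 * i / FS)
        + 5 * math.sin(2 * math.pi * 20 * i / FS)
        + 3 * math.sin(2 * math.pi * 2 * i / FS)
        for i in range(2 * FS)
    ]
    return {
        "device_id": "headset-EXAMPLE",       # hypothetical field
        "timestamp": "2000-01-01T09:30:00Z",  # hypothetical field
        "gps": (0.0, 0.0),                    # hypothetical field
        "fs": FS,
        "samples": samples,
    }


if __name__ == "__main__":
    print(minimise(constructed_record()))
```
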