New research has revealed that manipulating human memories may become possible as cyberattackers may be able to steal, spy on, alter or control the memories of people implanted with brain stimulation devices.

The research was published as a report by Russian cybersecurity firm Kaspersky Lab in alliance with the UK’s University of Oxford Functional Neurosurgery Group.

According to the report ‘The Memory Market: Preparing for a future where cyber-threats target your past’, radical threats may not be a reality in the near future, but the vulnerabilities already exist in the form of brain implants, which are used to learn more about memories.

These implants come with connected software and hardware that can be potentially exploited by cyberattackers.

“Current vulnerabilities matter because the technology that exists today is the foundation for what will exist in the future.”

University of Oxford Functional Neurosurgery Group doctoral researcher Laurie Pycroft said: “The prospect of being able to alter and enhance our memories with electrodes may sound like fiction, but it is based on solid science the foundations of which already exist today.

“Memory prostheses are only a question of time. Collaborating to understand and address emerging risks and vulnerabilities, and doing so while this technology is still relatively new, will pay off in the future.”

For the research, the team specifically analysed the vulnerabilities in deep brain stimulation devices, the latest versions of which have Bluetooth-based management software on commercial smartphones and tablets.

The researchers found a serious vulnerability and multiple misconfigurations on an online surgical management platform. They believe that this may offer access to sensitive data and procedures.

Insecure data transfer from the implants could also allow cyberattacks and lead to changed settings that may cause pain, paralysis or data theft.

Some brain implants are focused on patient safety rather than security, thereby become exposed to tampering by unwanted parties. The researchers also said that insecure behaviour by medical staff leaves the medical devices vulnerable.

The team noted that addressing all such vulnerabilities is important to mitigate the risk of any cyberattacks in the future.

Kaspersky Lab global research and analysis team junior security researcher Dmitry Galov said: “Current vulnerabilities matter because the technology that exists today is the foundation for what will exist in the future.

“Although no attacks targeting neurostimulators have been observed in the wild, points of weakness exist that will not be hard to exploit.”