Digital Technologies Research and Applications

Review

Cybersecurity Issues in Brain-Computer Interfaces: Analysis of Existing Bluetooth Vulnerabilities

Downloads

Angelakis, D., Ventouras, E., Kostopoulos, S., & Asvestas, P. (2024). Cybersecurity Issues in Brain-Computer Interfaces: Analysis of Existing Bluetooth Vulnerabilities. Digital Technologies Research and Applications, 3(2), 115–139. https://doi.org/10.54963/dtra.v3i2.286

Authors

  • Dimitris Angelakis
    Department of Biomedical Engineering, University of West Attica, Athens 12243, Greece https://orcid.org/0009-0006-2720-6203
  • Errikos Ventouras Department of Biomedical Engineering, University of West Attica, Athens 12243, Greece
  • Spyros Kostopoulos Department of Biomedical Engineering, University of West Attica, Athens 12243, Greece
  • Pantelis Asvestas Department of Biomedical Engineering, University of West Attica, Athens 12243, Greece

Brain-computer interfaces (BCIs) hold immense promise for human benefits, enabling communication between the brain and computer-controlled devices. Despite their potential, BCIs face significant cybersecurity risks, particularly from Bluetooth vulnerabilities. This study investigates Bluetooth vulnerabilities in BCIs, analysing potential risks and proposing mitigation measures. Various Bluetooth attacks such as Bluebugging, Bluejacking, Bluesnarfing, BlueBorne, Location Tracking, Man-in-the-Middle Attack, KNOB, BLESA and Reflection Attack are explored, along with their potential consequences on commercial BCI systems. Each attack is examined in terms of its modus operandi and effective mitigation strategies.

Keywords:

Brain-Computer Interfaces; cybersecurity; Bluetooth

Author Biography

Dimitris Angelakis is currently a Cyber Security Consultant at Performance Technologies S.A., since 2015. He is also a Professor at Institute of Vocational Training OMIROS, teaching courses such as Introduction to Computer Science, Computer Architecture, Operating Systems, Databases, Networks and Network Management since 2022. He has a robust background in information technology, specializing in Statistical Data Analysis, Python, Machine Learning, Cybersecurity, Biomedical Engineering and Brain-Computer Interfaces.  Dimitris completed his Bachelor's degree in Informatics Engineering at the Technological Educational Institute of Western Macedonia in 2014. He then obtained a Master of Science (M.Sc.) in Biomedical Engineering from the University of West Attica in 2017. Currently, he is pursuing a Ph.D. in Biomedical Engineering  at the same institution. His research interests are centered around Cybersecurity, Brain-Computer Interfaces, and Machine Learning.

Highlights

  • Provides a comprehensive review of cybersecurity issues in Brain-Computer Interfaces (BCIs), particularly focusing on Bluetooth vulnerabilities.
  • Discovers significant Bluetooth vulnerabilities in BCIs that could be exploited for malicious purposes, shedding new light on potential security risks.
  • Offers a framework of practical implications, emphasizing the need for robust cybersecurity measures to protect users and maintain data integrity in this emerging technology field.

References

  1. Hill, N.J.; Wolpaw, J.R. Brain–Computer Interface. In Reference Module in Biomedical Sciences, 1st ed.; Larry R. Squire, Floyd E. Bloom, Nicholas C. Spitzer, Fred Gage, Tom Albright; Elsevier: Netherlands, 2016, pp 429–437.
  2. Shih, J.J.; Krusienski, D.J.; Wolpaw, J.R. Brain-Computer Interfaces in Medicine. Mayo Clin. Proc. 2012, 87, 268–279.
  3. Kübler, A. The History of BCI: From a Vision for the Future to Real Support for Personhood in People with Locked-in Syndrome. Neuroethics 2020, 13, 163–180.
  4. Iroju, O.; Ikono, R.; Ishaya, G.; Ojerinde, O.A.; Olaleke, J. Prospects and Problems of Brain Computer Interface in Healthcare. Curr. J. Appl. Sci. Technol. 2018, 29, 1–17.
  5. Umair, A.; Ashfaq, U.; Khan, M.G. Recent Trends, Applications, and Challenges of Brain-Computer Interfacing (BCI). Int. J. Intell. Syst. Appl. 2017, 9, 58.
  6. Pycroft, L.; Aziz, T.Z. Security of implantable Medical Devices with Wireless Connections: The dangers of Cyber-Attacks. Expert Rev. Med. Devices 2018, 15, 403–406.
  7. Leuthardt, E.C.; Schalk, G.; Roland, J.; Rouse, A.; Moran, D.W. Evolution of Brain-Computer Interfaces: Going Beyond Classic Motor Physiology. Neurosurg. Focus 2009, 27, E4.
  8. Zeadally, S.; Siddiqui, F.; Baig, Z. 25 Years of Bluetooth Technology. Future Internet 2019, 11, 194.
  9. Berezhnoy, D.; Bergaliyev, T.; Sakhno, S. Application of the Bluetooth Protocol for Data Transfer from Computer to the Brain in Active BCI-Interfaces and Development of the Small Bluetooth Neural Stimulation Device. In Proceedings of the 2020 International Conference Engineering and Telecommunication, Dolgoprudny, Russia, 25–26 November 2020.
  10. Bruno, R.; Conti, M.; Gregori, E. Bluetooth: Architecture, Protocols and Scheduling Algorithms. Cluster Comput. 2002, 5, 117–131.
  11. Bluetooth Protocol Stack—MATLAB Simulink. Available online: https://www.mathworks.com/help/bluetooth/ug/bluetooth-protocol-stack.html (accessed on 1 April 2024).
  12. Ajrawi, S.; Rao, R.; Sarkar, M. Cybersecurity in Brain-Computer Interfaces: RFID-Based Design-Theoretical Framework. Inf. Med. Unlocked 2021, 22, 100489.
  13. Saha, S.; Mamun, K.A.; Ahmed, K.; Mostafa, R.; Naik, G.R.; Darvishi, S.; Khandoker, A.H.; Baumert, M. Progress in Brain Computer Interface: Challenges and Opportunities. Front. Systems Neurosci. 2021, 15, 578875.
  14. Rashid, M.; Sulaiman, N.; PP Abdul Majeed, A.; Musa, R.M.; Ab. Nasir, A.F.; Bari, B.S.; Khatun, S. Current Status, Challenges, and Possible Solutions of EEG-Based Brain-Computer Interface: A Comprehensive Review. Front. Neurorobot. 2020, 14, 25.
  15. Wu, D.; Xu, J.; Fang, W.; Zhang, Y.; Yang, L.; Xu, X.; Luo, H.; Yu, X. Adversarial Attacks and Defenses in Physiological Computing: A Systematic Review. Natl. Sci. Open 2023, 2, 20220023.
  16. EMOTIV. Available online: https://www.emotiv.com/epoc/ (accessed on 17 December 2023).
  17. EEG & ECG Biosensor. Available online: https://neurosky.com/ (accessed on 17 December 2023).
  18. MYNDPLA. Available online: https://myndplay.com/ (accessed on 17 December 2023).
  19. XWave. Available online: https://www.eyecomtec.com/3405-XWave,%22 (accessed on 17 December 2023).
  20. ULTRACORTEX "MARK IV" EEG HEADSET. Available online: https://shop.openbci.com/products/ultracortex-mark-iv (accessed on 17 December 2023). (accessed on 17 December 2023).
  21. TajDini, M.; Sokolov, V.; Kuzminykh, I.; Shiaeles, S.; Ghita, B. Wireless Sensors for Brain Activity—A Survey. Electronics 2020, 9, 2092.
  22. OpenBCI. Available online: https://openbci.com/ (accessed on 17 December 2023).
  23. Takabi, H.; Bhalotiya, A.; Alohaly, M. Brain Computer Interface (BCI) Applications: Privacy Threats and Countermeasures. In Proceedings of the 2016 IEEE 2nd International Conference on Collaboration and Internet Computing, Pittsburgh, PA, USA, 1–3 November 2016.
  24. Wahlstrom, K.; Fairweather, N.B.; Ashman, H. Privacy and Brain-Computer Interfaces: Identifying Potential Privacy Disruptions. Acm Sigcas Comput. Soc. 2016, 46, 41–53.
  25. Takabi, H. Firewall for Brain: Towards a Privacy Preserving Ecosystem for BCI Applications. In Proceedings of the 2016 IEEE Conference on Communications and Network Security, Philadelphia, PA, USA, 17–19 October 2016.
  26. Pycroft, L.; Boccard, S.G.; Owen, S.L.; Stein, J.F.; Fitzgerald, J.J.; Green, A.L.; Aziz, T.Z. Brainjacking: Implant Security Issues in Invasive Neuromodulation. World Neurosurg. 2016, 92, 454–462.
  27. Ienca, M.; Haselager, P.; Emanuel, E.J. Brain Leaks and Consumer Neurotechnology. Nat. Biotechnol. 2018, 36, 805–810.
  28. Landau, O.; Puzis, R.; Nissim, N. Mind Your Mind: EEG-Based Brain-Computer Interfaces and Their Security in Cyber Space. ACM Comput. Surv. 2020, 53, 1–38.
  29. Belkacem, A.N. Cybersecurity Framework for P300-based Brain Computer Interface. In Proceedings of the 2020 IEEE International Conference on Systems, Man, and Cybernetics, Toronto, ON, Canada, 11–14 October 2020.
  30. Bernal, S.L.; Celdrán, A.H.; Pérez, G.M.; Barros, M.T.; Balasubramaniam, S. Security in Brain-Computer Interfaces: State-of-the-Art, Opportunities, and Future Challenges. ACM Comput. Surv. 2021, 54, 1–35.
  31. Bernal, S.L.; Celdrán, A.H.; Pérez, G.M. Neuronal Jamming Cyberattack over Invasive BCIs Affecting the Resolution of Tasks Requiring Visual Capabilities. Comput. Secur. 2022, 112, 102534.
  32. Lahtinen, T.; Costin, A. Linking Computers to the Brain: Overview of Cybersecurity Threats and Possible Solutions. In Proceedings of the International Symposium on Business Modeling and Software Design, Utrecht, Netherlands, 3–5 July 2023.
  33. Jiang, X.; Fan, J.; Zhu, Z.; Wang, Z.; Guo, Y.; Liu, X.; Jia, F.; Dai, C. Cybersecurity in Neural Interfaces: Survey and Future Trends. Comput. Biol. Med. 2023, 167, 107604.
  34. Thomopoulos, G.A.; Lyras, D.P.; Fidas, C.A. A Systematic Review and Research Challenges on Phishing Cyberattacks from an Electroencephalography and Gaze-Based Perspective. Pers. Ubiquitous Comput. 2024, 1–22.
  35. Rid, T. Cyber war will not take place. J. Strateg. Stud., 2012, 35, 5–32.
  36. Strategic Cyber Security. Available online: https://ccdcoe.org/uploads/2018/10/2011_Proceedings_0-1.pdf (accessed on 26 June 2024).
  37. Sigholm, J. Non-State Actors in Cyberspace Operations. J. Mil. Stud. 2013, 4, 1–37.
  38. Stoddart, K. Non and Sub-State Actors: Cybercrime, Terrorism, and Hackers. In Cyberwarfare: Threats to Critical Infrastructure, 1st ed.; Stoddart, K., Ed.; Palgrave Macmillan: Cham, Switzerland, 2022; pp. 351–399.
  39. Stoddart, K. Hacking the Human. In Cyberwarfare. Palgrave Studies in Cybercrime and Cybersecurity, 1st ed.; Stoddart, K., Ed.; Palgrave Macmillan: Cham, Switzerland, 2022; pp. 281–349.
  40. Acharige, K.M.; Albuquerque, O.; Fantinato, M.; Peres, S.M.; Hung, P.C. A Security Study of Bluetooth-Powered Robot Toy. J. Surveill., Secur. Saf. 2021, 2, 26–41.
  41. Qian, Y.; Ye, F.; Chen, H.H. Bluetooth Security. In Security in Wireless Communication Networks, 1st ed.; Qian, Y., Ye, F., Chen, H.H., Eds.; John Wiley & Sons: Hoboken, NJ, USA, 2022; pp. 153–175.
  42. Wei, F. Detecting Bluetooth Attacks Against Smartphones by Device Status Recognition. In Proceedings of the Artificial Intelligence and Security: 6th International Conference, Hohhot, China, 17–20 July 2020.
  43. Shrestha, S.; Irby, E.; Thapa, R.; Das, S. SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation Measures. In Proceedings of the International Symposium on Emerging Information Security and Applications, Copenhagen, Denmark, 12–13 November 2021.
  44. Lonzetta, A.M.; Cope, P.; Campbell, J.; Mohd, B.J.; Hayajneh, T. Security Vulnerabilities in Bluetooth Technology as Used in IoT. J. Sens. Actuator Networks 2018, 7, 28.
  45. Yun, Y.H.; Kim, D.W.; Choi, J.A.; Kang, S.H. An Intelligent Bluetooth Intrusion Detection System for the Real Time Detection in Electric Vehicle Charging System. Convergence Secur. J. 2020, 20, 11–17.
  46. Haataja, K.; Toivanen, P. Two Practical Man-in-the-Middle Attacks on Bluetooth Secure Simple Pairing and Countermeasures. IEEE Trans. Wireless Commun. 2010, 9, 384–392.
  47. Johansson, P.; Kazantzidis, M.; Kapoor, R.; Gerla, M. Bluetooth: An Enabler for Personal Area Networking. IEEE Network 2001, 15, 28–37.
  48. Phan, R.C.W.; Mingard, P. Analyzing the Secure Simple Pairing in Bluetooth v4.0. Wireless Pers. Commun. 2012, 64, 719–737.
  49. Mirzadeh, S.; Cruickshank, H.; Tafazolli, R. Secure Device Pairing: A Survey. IEEE Commun. Surv. Tutorials 2013, 16, 17–40.
  50. Antonioli, D.; Tippenhauer, N.O.; Rasmussen, K. Low Entropy Key Negotiation Attacks on Bluetooth and Bluetooth Low Energy. Cryptol. ePr. Arch. 2019.
  51. Wu, J.; Nan, Y.; Kumar, V.; Tian, D.J.; Bianchi, A.; Payer, M.; Xu, D. BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy. In Proceedings of the 14th USENIX Workshop on Offensive Technologies, Online, 11 August 2020.
  52. Panse, T.; Panse, P. A Survey on Security Threats and Vulnerability attacks on Bluetooth Communication. Int. J. Comput. Sci. Inf. Technol. 2013, 4, 741–746.