When Elon Musk introduced the world to his latest project, the Neuralink brain-computer interface (BCI), in August, he reminded us that the lines between brain and machine are becoming increasingly blurred.
Although Neuralink and BCIs are many years away from widespread use, their potential benefits and use cases are compelling, especially as the technology evolves from Level 1 applications, such as helping people with spinal cord injuries, to more complex applications, such as controlling multiple devices.
Certainly, the consequences of high-level hacking are severe today, but we’ve never had computers connected to our brains before, which seems like the ultimate prey for hackers.
Our brains contain information that computers don’t. A brain connected to a computer/artificial intelligence such as a BCI removes that barrier to the brain, potentially allowing hackers to get in and cause problems we can’t even imagine today. Could hacking people via BCI be the next big evolution of hacking, done through a dangerous combination of previous hacking methods?
To better understand how the brain might be hacked, we should first examine how the relationship between humans, computers, and hackers has evolved.
The 1980s to mid-1990s: Hacking technologies to get human data
Although hacking has been around since the 1960s, the modern era began in the 1980s, when personal computers – and then hackers – entered homes.
The hacking took advantage of emerging technologies that were easy to manipulate. Hackers during this time primarily targeted personal and financial information, such as credit card data, and used technology to obtain that data.
The 1992 movie Sneakers – about a black box capable of cracking any encryption key and ensuring that there are “no more secrets” – helped popularize and expose some of the hacking techniques used at the time, such as infiltration, physical penetration and backdoor access. At the time, computers were the gateway to human data.
The mid-1990s to Today: Hacking Technology Over People
As technology became more accessible, people began to store more and more of their private, sensitive data in technology, which was now the key to the hackers’ treasure.
While the core theme of Sneakers was to use a black box to decrypt systems cryptographically, social engineering was used extensively to gain access to that box – a tactic that increased exponentially as the hackers’ approach changed. Instead of breaking into the technology itself, hackers are using the vulnerabilities of human behavior (the weakest link) to break into the technology we rely on to store our vital information.
This period was characterized by phishing and all forms of social engineering – the psychological manipulation of people by hackers to persuade them to comply with the hackers’ wishes. During this time, people were the link to technology.
The future: hacking people through technology
In previous eras, there were barriers between hackers and their targets due to the physical separation between humans and technology. But what happens when that separation between people and technology blurs? When they’re essentially one and the same?
This is one of the biggest safety concerns with BCI technologies like Neuralink. The core promise of the technology – the brain’s direct communication with computers – could also prove to be its biggest security vulnerability. There would no longer be a separation between humans and computers, requiring some form of authentication and assessment.
If a computer that is connected to the brain, as is the case with Neuralink, were to be hacked, the consequences could be catastrophic, giving hackers ultimate control over a human.
If Neuralink penetrates the human brain with high accuracy, what might hacking a human look like? Following traditional patterns, hackers would likely target high-net-worth individuals, perhaps trying to manipulate them into transferring millions of dollars to an offshore bank account held by the hacker. Executives in boardrooms might be hacked to make decisions that have significant financial consequences.
In an even more alarming scenario, a hacker could take control of large numbers of people and get them to vote for a particular candidate, party, or issue, which could secretly topple governments and entire government infrastructures. And in the worst case, hacking a neural link-like device could turn “hosts” into programmable drone armies capable of doing whatever their “master” wants. Autopilot software features in cars have already led to deaths; imagine what a hacked army of sentient beings could do.
Some perspectives
Although the above scenarios are far-fetched and Neuralink is still far off, it is never too early to explore how the inevitable hacking might unfold. Some experts believe the Singularity – the point at which artificial intelligence reaches human intelligence – will occur by 2045. And as cybersecurity professionals know all too well, hackers are usually one step ahead of security protocols. Hence, it’s not a matter of “if” but “when” they will attack a Neuralink-type device.
To be clear, technological progress is fundamental to human progress. It always has been, and it always will be. BCI holds enormous potential for good. However, technological progress must be made thoughtfully, considering a critical aspect of the “human element” of safety – ethics.
This reminds me of one of Sun Tzu’s strategic principles, “悬权而动,” which states that one should always “think carefully and weigh carefully” before making one’s strategic move. Now is the time to develop a solid set of responsible Big Data and AI ethical frameworks and governance that companies must follow when developing intrusive technologies like BCIs.
Finally, for those who want to venture into the BCI space, I would like to share some powerful words from chess grandmaster Garry Kasparov, who spent much of his career challenged by machines and AI: “We have free will; our machines do not. From the beginning, we need to build in human accountability and ethics.”