The human condition is plagued by a labyrinth of shortcomings, frailties, and
limitations that hinder man from reaching his fullest potential. Therefore, it
only makes sense that we find ourselves at the next phase in human evolution
where restricted man merges with the infinite possibilities of hyper-evolving
technologies. This techno-human transmutation will prove to be “THE” quantum
leap in human progression. The harmonization of technologically extending
oneself, consciousness, artificial intelligence and machine learning will
reverse the failures of genetic predisposition and limitation.
“Cyborgification” is simply the process of compensating technologically for the inherent limitations of “natural” man. Cybernetic implants ranging from near-field communication (NFC) tags to pacemakers to neural meshes are already available to consumers. Before this quantum leap, it is essential that device developers implement security-by-design at each stage of the developmental lifecycle to mitigate the privacy and security impacts that could be realized if adversaries compromised vulnerable implant devices.
The cybernetic revolution is happening, and it’s imperative
that civil liberties and privacy issues are addressed by system designers,
innovators, regulators, and legislators, says James Scott, a Senior Fellow at
cybersecurity think tank ICIT (Institute for Critical Infrastructure
Technology).
released
paper on the topic of implantable devices
With a recently released paper on the topic of implantable
devices, he provided a comprehensive overview of the current situation
regarding the use of medical and non-medical implants, and the security and
privacy issues that already arose from their use, and are likely to arise in
the future.
He expects sophisticated cybernetic implant systems to be
more widely deployed in the next decade, and would like to see
security-by-design be prioritized while implant devices are still in the
inceptive phase. If we fail to do that, he says, there may not be any way to
mitigate the onslaught of privacy and security harms poised to disrupt
humanity’s potential evolution.
What we need is “responsible regulatory legislation that
does not pander to the whims of metadata curators and data brokers and that
mandates security-by-design.”
wearables
tech desensitized consumers to continual monitoring
Scott views wearables as a gateway technology that
desensitized consumers to continual monitoring and collection of biological and
behavioral data, which is then used and can be capitalized by the companies
that develop them, associated third parties, and possibly cyber-threat actors
that manage to get their hands on it.
“Even if the data were only used ‘by authorized parties,’
users could suffer if the data were deterministically employed in decisions
determining hiring or credit. For instance, hypothetically, users could be
charged more for life insurance based on the data collected from a fitness
monitor,” he notes.
And, of course, these are devices that users can choose to
take off and stop using at any time. But what happens when they can’t?
issue of the
security of medical implants
The issue of the security of medical implants has lately
achieved a degree of visibility, thanks to many security researchers who, for
personal or altruistic reasons, decided to test it.
Medical implants are welcomed by users out of necessity: if
you can’t see or hear, wouldn’t you embrace the possibility of an implant that
will help you regain a modicum of vision or hearing – security and privacy
issues be damned?
And if you need a pacemaker or an insulin pump, you are more
likely to prefer one that can be repeatedly reconfigured according to your
needs, accessed remotely by medical personnel (if necessary), and able to
collect and provide information for better healthcare decisions in the future.
Unfortunately, if security protections are not there or are
poor, all those positive things can be exploited by attackers for nefarious purposes.
Still, for most, the idea of a cyber attack against their implants is not
realistic, and the pros outweigh the cons, so they gladly accept them.
Implantable NFC chips, on the other hand, are not something
that most users will currently accept, even if they can be convenient (they can
be used to communicate contact information, make Bitcoin payments, unlock
mobile devices or doors, starts smart vehicles, and so on).
But, the time may come when they become ubiquitous, and the
choice of implanting them or not could have considerable positive or negative
(and potentially disastrous) economical consequences. And is it really a choice
if the consequence of your refusal of your behavior being tracked through an
implantable device is (in the most extreme case) your family starving?
problems
that should be addressed before implants become ubiquitous.
The aforementioned “involuntarily voluntary” adoption of
implantable devices is just one of the problems that should be addressed before
implants become ubiquitous.
Other issues that should be tackled is the lack of
security-by-design, the problem of users often considering cybersecurity
features as barriers rather than defenses, and insecure connections.
“Users naively assume that devices will not be targeted
because ‘they are too niche’ or ‘an attacker would not gain much;’ however,
threat actors have consistently proven that if a device is vulnerable, it is
worth exploiting,” Scott noted.
“Attackers are not always logical or correct. A script
kiddie might detect an implant device via local traf c snif ng or the Shodan
search engine and decide to compro- mise it ‘for fun.’ Some aspiring
cybercriminal might detect an IP address and try to infect the associated
device with ransomware without bothering to check if it is ‘worth
compromising.'”
Also, we should have a guarantee that implants can’t be
repurposed in the future without our knowledge and/or approval. And we should
know how the data they collect is stored, secured, and used.
“‘Cyborgification’ raises a host of ethical questions and
security and privacy concerns that private sector organizations should address
before adopting emerging implant technologies,” he notes.
Comments
Post a Comment