Imagine a world where your body was part of your connected home security solution and you could automatically scan your surroundings for cyber-threats. Or where your body could sense other, more human threats in the vicinity, based on an intelligent, computational analysis of behavioural and emotional markers that your conscious mind might miss. Would you feel stronger and safer?
By Marco Preuss, Director, Global Research and Analysis Team EU
The human computer
At a time when many people are focused on the implications of making machines more 'human'; smarter, more adaptive and able to read and respond to emotions, it is worth thinking about the journey that is taking place in the opposite direction: the introduction of technology into the human body. In this case, tiny connected bio-chips, the size of grain of rice. A little, silicon-encased microprocessor that has the potential to become your very own, internal superhero; but also to become your greatest enemy if the industry gets the security wrong.
The world today
In early 2015, Kaspersky Lab got together with a company called BioNyfiken to consider the security of embedded wireless bio-chips. Currently, bio-chips have no power source and this means the data cannot be encrypted and is therefore insecure. Combined with the fact that currently chips can only hold about a business card's worth of data and communicate it externally over very short distances, it quickly becomes clear that current applications – and therefore levels of risk - are limited. However, this is set to change – and once the first big hurdle is overcome, that of an appropriate power supply, everything will suddenly start to happen very quickly.
By then it may be too late to do the essential ground work on security. Security needs to be built in from the very start, not bolted-on at the end. The job starts now.
My role is to consider the future. What is the potential of this amazing technology and what might the associated security risks be that we need to consider and address?
Let's start with the importance of a power source. Power is critical because it will enable data encryption, keeping information secure as it is stored and communicated. Batteries are not ideal, since they run out and nobody really wants to keep opening their body up to replace them or have to connect themselves to an external charger. This leads us to the option of an internal power source, such as body heat, exercise or even excess calories.
Once the chip has power it will also become possible to use a more advanced microprocessor – one capable of handling and communicating more data – and over a larger distance. This will be the springboard for more sophisticated applications.
Connected bodies 2.0
A secured, powered chip could, for example be integrated into other connected systems, such as an advanced cyber-security solution, or a connected home, becoming an integral part of the user's protective environment.
But the real fun begins when you start to add artificial intelligence capability to the chip. Now the possibilities are almost endless.
For example, imagine if your bio-chip had the capability to detect and analyse the physiological and behavioural signs of tiredness, anger, unease or distress, such as increased heart rate or body temperature, body language or eye contact – both internally in the user and externally in their immediate surroundings.
This could act as an effective early warning system for an external threat, particularly at night. Or it could trigger the user's car to be disabled so they can't endanger themselves, or others by driving when too tired.
Such applications are not as far away as they might seem. In computer terms, such capability, known as 'affective computing' is already in use in customer service environments, mainly to detect and prioritise the most irate callers, or to spot micro-expressions for advertising and marketing purposes. A UK police force is trialling the technology in fitness bands to detect whether officers are under stress and in need of back up. It is not a huge step from here to embedding such capability within the human body.
Protection vs privacy
Where technology goes, the cybercriminals are rarely far behind. The data generated by such applications is highly sensitive, personal and confidential, and therefore of immense appeal to cyberattackers. Understanding the potential security risks and addressing them with comprehensive security solutions that include robust encryption and authentication, for example, should be a top priority for the security industry and product and service providers.
This needs to be complemented by consumer education and communication. We recently undertook research across Europe to explore how ordinary consumers view the risk and potential of connected bio-chip implants. We found that, as is often the case with emerging technologies, fear of the unknown can be overwhelming, with two-thirds concerned that an implanted chip might malfunction and harm them (63%) or enable someone with malicious intent to take over their body or data (60%). The truth is that without the right security in place, these are all possible. At the same time, many were open to the benefits the technology could bring.
So we shouldn't let fear paralyse progress when there is action we can and should take. Implanted, connected bio-chips can make our lives richer, easier and safer. Let's focus our energy on making sure they do so safely.