Cyberattacks always have a common goal: to inflict harm upon targeted systems, organizations, or individuals. While there are various types of adversaries, they often employ similar methods. Deception, such as social engineering or phishing, is one of the most frequently used techniques. It aims to deceive users into revealing sensitive information or clicking on malicious links. Adapting continually, adversaries develop increasingly sophisticated attack methods in response to evolving security measures.

Script kiddies represent a specific category of adversaries who primarily rely on pre-existing tools and scripts created by more skilled hackers. Typically, these individuals lack experience and the ability to create their own tools, making them easier to identify and mitigate. They are often motivated by a desire to cause chaos or demonstrate their skills to peers.

In contrast, expert hackers pose a significantly greater threat. These individuals possess high-level skills and can develop their own attack tools and techniques. Consequently, they are more challenging to detect and prevent. They may also have specific goals, such as financial gain, industrial espionage, or even political motivations. These hackers are often persistent and take careful steps, investing time in meticulously planning and executing their attacks.

As the testing and integration of Brain-Computer Interfaces (BCIs) in the medical field continue to expand, it is crucial to acknowledge their susceptibility to cyberattacks. BCIs process and transmit sensitive data, making them attractive targets for malicious actors. Similar to regular computers, BCIs are vulnerable to cyberattacks. It is essential not to underestimate the capability of malicious actors to identify system weaknesses.

For instance, bad actors can exploit vulnerabilities to steal sensitive information by intercepting data transmitted between the BCI and external devices. Furthermore, they may gain control of the BCI device itself, potentially placing the user in a dangerous situation. Attackers can manipulate the commands sent by the BCI, causing users to perform unintended actions. This is particularly concerning in medical settings where BCIs are often used to control critical devices such as prosthetic limbs or implanted devices (Lopez Bernal, Huertas, and Martinez Perez 2021).

Cyberattacks on BCIs can be categorized into three main types: controlling, stealing, and disrupting. Unauthorized access, a primary security concern, involves attackers gaining control of a user's BCI device (Denning, Matsuoka, and Kohno 2009). Unauthorized access can occur through various methods, including physical tampering, exploiting software or hardware vulnerabilities, and intercepting wireless communication channels. Unauthorized access can lead to severe consequences, such as manipulating user inputs, disclosing private information, and potentially harming the user's health (Ajrawi, Rao, and Sarkar 2021).

Contrary to popular belief, unauthorized access doesn't always result from weak device security. User error and a lack of user awareness often contribute to these attacks. Weak passwords, negligence in downloading malicious files, and leaving sensitive information exposed can all lead to unauthorized access.

Another threat to BCIs is signal manipulation, which involves altering BCI signals. Successful signal manipulation can result in incorrect interpretation and potentially harmful consequences (Martinovic et al. 2012). Adversarial machine learning attacks can deceive BCI classifiers, while signal jamming can disrupt BCI communication channels. These attacks primarily target the early signal processing or signal acquisition stages. However, bad actors are often more interested in acquiring signals for the theft of sensitive information, such as banking details or passwords.

BCIs are currently prevalent in medical environments, where they control external devices or modify brain processes. However, as these devices evolve, they will become vulnerable to a broader range of threats. BCIs may soon be used for internet browsing and program downloads, making them as vulnerable as traditional PCs but with potentially more severe consequences in the event of a security breach.

A recent study published in the IEEE Transactions on Information Forensics and Security demonstrated a Distributed Denial of Service (DDoS) attack on a BCI system by manipulating electroencephalogram signals (Lopez Bernal, Huertas, and Martinez Perez 2021). Such attacks can be just as dangerous as unauthorized access, especially given the intended purpose of BCIs to alter brain activity. Disruption of this process could potentially harm the brain.

Apart from signal acquisition and signal processing, the application interface of BCIs is even more vulnerable. Attackers who gain access to this interface can more easily understand and manipulate information and commands, making data theft or manipulation more straightforward.