Lezing aanvragen

Biohacking: when your body becomes a target

Picture of Richard van Hooijdonk
Richard van Hooijdonk
Tomorrow’s biotech devices will improve our health and extend the human lifespan, but they could also be the next frontier in the war against cyber crime.

Executive summary

Today, biohacking refers to a series of tools, techniques, and technologies that allow us to push the limits of our human bodies in areas like physical strength, recall, and agility. In the future, however, it will be a great deal more dramatic – think genomic editing and devices that connect your brain to the internet. Sounds awesome, right? Well, in this brave new world, you’ll need to safeguard yourself against another type of biohacker – someone who can hack into your body, corrupt your technology implants, and maybe even steal your very thoughts.

Table of contents
  • Today’s biohackers are just regular people who use data to make informed lifestyle decisions or use wearable medical devices like Fitbits or blood glucose monitors.
  • The biohackers of tomorrow will be able to modify their DNA to achieve superlative human strength or overcome genetic diseases. What’s more, they’ll have brain implants that improve their memory and grant instant access to untold knowledge.
  • Cognify, a conceptual “prison of the future” illuminates the ways in which biohacking could be used to terrifying effect. If we permit false memories to be implanted in our criminals, could a criminal implant them in us?
  • We already know that genetic information is a valuable commodity in the world of cyber crime: the 2023 hacking of genetic testing firm 23andMe quickly led to millions of user profiles being auctioned on the dark web.
  • “The loss of mental privacy – this is a fight we have to [start] today,” warns Rafael Yuste, neuroscientist at Columbia University.

Fortunately, malicious biohacking has yet to really become a thing. This almost certainly won’t last, however – it is easy to imagine the geopolitical and societal chaos that could ensue should the deepest thoughts of a high-ranking politician be publicly exposed. That’s why we need to take the matter seriously today and develop the counterweight technologies and regulations that will help ensure that tomorrow’s biohackers work to realise our highest ambitions – and not succumb to our worst impulses.

“Since biohacking could be considered hacking in itself, what we analyse […] is whether someone with malicious intent could use this willingness to self-hack to ‘cyber attack’ our bodies.”

Pablo Martinez, ethical hacker, Entelgy Innotec Security

Is your body safe from cyber threats?

When we think about the future of humanity, we tend to think on the macro scale. We engage with new technologies in terms of how we interact with them collectively, and what they mean for us as a whole. Rarely do we breach the surface and think about how they might change us at the cellular level. This is, of course, understandable: we tend to externalise change, perceiving ourselves as a constant throughline. But the truth is that we may need to reassess this notion. As we transform the world around us, why would we rule ourselves out?

That brings us to the rise of biohacking – a series of techniques, tools, and technologies that range from mechanical enhancements to the human body to the modification of our very DNA. For the first time in the history of life on Earth, evolution is going to be something we can do voluntarily, and experience within our own lifespan. But how can we safeguard ourselves in this brave new cybernetically-enhanced world? Unsettling news stories about major organisations being hacked are increasingly the norm these days. As much as we hate the idea of our medical information or social security numbers being leaked, it pales in comparison to what a malicious biohacker could accomplish at our expense.

Welcome to the latest and most insidious frontier in cyber warfare. In this article, we will delve into the dark side of biohacking and share some shocking examples of how this exciting technology might be exploited at our expense. We’ll also consider what – if anything – we can do to protect ourselves against these surreptitious threats.

Biohackers: the good, the bad, and the ugly

Biohacking could be used to transform and extend our human lives – or it could be used to wreak unprecedented havoc.

Let’s start things off with an important clarification. The term ‘biohacking’ is not new and does not refer to any type of act conducted by malicious actors. Rather, it’s been with us for decades. It emerged in the mid-2000s amid the rise of genetic analysis tools such as sequencing, which opened the door for us to better understand our bodies – and maybe someday modify them, too. Biohacking can also refer to the mundane practice of making data-backed lifestyle changes to improve our physical and mental health. Then there’s technology-based biohacking, which involves the use of wearable and diagnostic devices like Fitbits and blood glucose monitors. In other words – you’re probably a biohacker already.

In the future, biohacking is going to be a lot more dramatic. Genetic engineering is the most complex form of biohacking, and enormous strides are already being made in the field. Consider, for example, that through telomerase gene therapy (don’t ask, it’s a whole essay), researchers have been able to extend the lifespan of mice by 41%. We’ve also been able to enhance muscle strength in mice with Duchenne muscular dystrophy through CRISPR DNA injections. It is easy to imagine the transformative impact genetic engineering could have on our everyday lives.

Alongside this revolution in genetic engineering will come in-body devices that augment our natural functions and monitor our well-being in unprecedented ways. Take, for example, Elon Musk’s Neuralink: for all the controversy surrounding it, it has already been demonstrated to restore some freedom to those with severe paralysis. Perhaps soon, there will be devices that can track and analyse our very thoughts for signs of stress, or toxic thought patterns. The possibilities are both shocking and dazzling – what if, for example, a cadre of nanobots could detect a mental health episode and mitigate it by tweaking our brain chemistry?

Why cyber body security matters

There is, admittedly, something rather discomfiting about allowing our bodies to be modified in such ways. We are vulnerable creatures prone to all kinds of sickness and ailment – that’s without messing with our genes or installing software onto our brains. We have decades of Hollywood science fiction already on hand to populate our imaginations with gnawing representations of body modification gone wrong.

Gaining unlawful access to a medical device implanted in one’s body could allow a malicious actor to commit unspeakable crimes. At the simplest level, they could cause such a device to stop working, potentially endangering human life. If the device in question is monitoring our wellbeing, hackers could cause it to send out false information, potentially allowing a medical emergency to go unaddressed or even creating a fake one. In the more distant future, gaining access to somebody’s genetic information could have dizzying consequences: what if somebody were able to spoof your entire identity with it?

This extraordinary vulnerability is not lost on those in positions to help via regulation. In the US, the FDA issued guidance for the cyber security of medical devices in September 2023, in an apparent response to an FBI report that revealed that 52% of internet-connected medical devices had critical security vulnerabilities. The EU’s Agency for Cyber Security has also issued a report detailing the importance of securing medical infrastructure at large. It does not mince words: any cyber attack against a hospital’s digital infrastructure will inherently lead to attacks on all medical devices connected to its network.

  • Biohacking involves a series of techniques, tools, and technologies used to improve our physical and mental health, ranging from mechanical enhancements to the human body to the modification of our very DNA.
  • As the most complex form of biohacking, genetic engineering could have a transformative impact on our lives, with the potential to significantly extend the human lifespan.
  • Having already demonstrated the ability to restore some freedom to those with severe paralysis, in-body devices like Neuralink could one day track and analyse our very thoughts for signs of stress or toxic thought patterns.
  • If a malicious actor gained unlawful access to a medical device implanted in one’s body, they could commit unspeakable crimes and potentially even endanger the person’s life.

A window into the dark side of biohacking

It’s easy to get carried away with the fanciful nature of high-tech biohacking, so let’s bring it closer to home with some unsettling real-world examples.

Your memories might not be your own

Brain-computer interfaces (BCIs) are arguably the most advanced and futuristic biotech (almost) available today. Everybody already has an opinion on them: some are excited, but many more are wary. Understandably, too – there is something undeniably dystopian about a device that connects your brain to the internet. Consider, for example, China’s controversial interest in BCIs for non-medical use among the general population. Ethical guidelines for this technology were released by the Chinese state government in February 2024, and note an interest in “attention modulation, sleep regulation, [and] memory regulation.” They go on to state that the technology should avoid weakening human decision-making capabilities, but only until “it is proven to surpass human levels and gains societal consensus.”

More specifically – and troublingly – BCIs could be used to implant false memories in a person. This is not mere speculation: people are actively working on this. Cognify, for example, is a concept “prison of the future” where inmates are implanted with false memories with the goal of aiding their rehabilitation and return to society. As the researchers explain, a violent offender may be punished with memories from the victim’s perspective, or a drug offender instilled with fake memories that “simulate the struggles of addiction and recovery.” Some may find this a favourable solution, but others will find it deeply inhumane. In any case, it is a very real possibility – researchers have already successfully inserted false memories into the brains of mice.

Is your medical implant a lifesaver… or a potential killer?

We don’t have to go straight to the bleeding edge and BCIs to observe how hackers could gain access to our bodies. The point of entry could be as mundane as an implanted medical device – say, for example, a pacemaker. Hacking pacemakers isn’t even a terribly new development: bug bounty firms demonstrated vulnerabilities within the devices many years ago. Insulin pumps and cardiac defibrillators are no less vulnerable, with consequences ranging from inaccurate readings and drug overdoses to sudden pain or even fatalities.

We don’t need to look to theories or controlled demonstrations to observe how dangerous the consequences could be. In August 2024, a glitch in the iOS app that controls the insulin pumps for people with diabetes caused the app to continuously crash and automatically reload, injuring over 220 people. This caused the pumps to quickly drain their batteries and become non-functional. “Pump shutdown will cause insulin delivery to suspend, which could lead to an under-delivery of insulin and may result in hyperglycemia or even diabetic ketoacidosis,” stated the FDA in a press release. Of course, this was only a glitch – imagine how much worse the consequences could be if malicious actors held the function of those devices at ransom.

Stealing the building blocks of life

As gene editing technologies continue to advance, the definition of what it means to be human is going to get a little blurry. A RAND report from 2021 notes that, for example, “adding reptilian genes that provide the ability to see in infrared,” and “making humans, stronger, more intelligent, or more adapted to extreme environments” were all perfectly reasonable (albeit crazy-sounding) applications for genomic editing. But before we all start splicing our genes with all manner of living things, we need to take a step back and consider the dangers. You might be thinking that the danger in question is some kind of nightmarish human-lobster hybrid. While that can’t be ruled out, we also need to consider the serious cyber security threats.

Trust us when we say that, in the future, the security of your genetic information is going to be a big deal. It is what makes you inextricably yourself, and letting that information get into the hands of malicious actors could prove positively disastrous. It could be used to spoof your identity, make you sick, or for use in illegal experiments. Maybe in the more distant future, it could even be used to create a clone of you. We don’t need to push that far ahead to observe the value hackers place upon genetic information, though. In 2023, genetic testing company 23andMe announced that seven million of its users had been hacked. It did not take long before the hackers began selling their hacked profiles on the black market for as much as US$10 apiece.

  • Brain-computer interfaces could potentially be used to implant false memories in a person.
  • Cognify is a concept “prison of the future” where inmates are implanted with false memories, such as those from the victim’s perspective, to aid their rehabilitation.
  • Implanted medical devices like pacemakers and insulin pumps could become prime targets for hackers.
  • Malicious actors could potentially use our genetic information to spoof our identity, make us sick, or conduct illegal experiments.

“Bio-hacking enables the creation of new stealthy attack capabilities by using chip implants inside bodies […] to conduct spying and cyber attacks that today are done over the internet – the threats are not theoretical.”

Len Noe, technical evangelist, CyberArk

The next geopolitical threat could be under your skin

While some cyber security experts are concerned about our bodies being hacked, others warn that the human body could become a part of the future hacker’s arsenal.

It has not taken long for cyber security experts to recognise the human body as a new frontier in the war against malicious actors. “Since biohacking could be considered hacking in itself, what we analyse […] is whether someone with malicious intent could use this willingness to self-hack to ‘cyber attack’ our bodies,” says Pablo Martinez, an ethical hacker working at Entelgy Innotec Security. The cyber security firm has already identified what it believes to be the most insecure – and therefore exploitable – implantable technology: RFID chips. These devices use emit and read radio waves to communicate with their environment. “This makes it possible for an attacker to read the information on a chip that works with RFID, being able to make a clone in another chip or in an RFID emulator,” adds Martinez.

Others are looking with grave concern towards a bleak and rather dystopian future. “The loss of mental privacy, this is a fight we have to [start] today,” warns Rafael Yuste, a neuroscientist at Columbia University. “That could be irreversible – if we lose our mental privacy, what else is there to lose? That’s it, we lose the essence of who we are.” Yuste and his colleagues are currently trying to kickstart an international movement for ‘neurorights’ – a set of principles he argues should be enshrined as law in every country to serve as a bulwark against the misuse and abuse of neurotechnology.

But those with medical implants aren’t always going to be the victims. So argues Len Noe, technical evangelist and self-described transhuman at CyberArk. “In the future, we can expect to see threat actors turn to technology that puts the attack power into their own hands – literally,” he remarks in an opinion piece published in The Hill. “Bio-hacking enables the creation of new stealthy attack capabilities by using chip implants inside bodies […] to conduct spying and cyber attacks that today are done over the internet.” The implications for identity-based security in federal and defence areas of operations in his view, are extremely serious. As such, he emphasises that government agencies put biohacking on their radar: “The threats are not theoretical.”

The most serious threats, fortunately, may not be on our doorstep just yet. While unwilling to dismiss the severity of cyber security threats against and within the human body, Martinez notes we are still at a very early stage. “We should not panic [just yet] – biohacking does not seem as advanced as we think. There are studies, experimental situations, but what we know so far is quite primitive. At the moment, we don’t carry our smartphone inside our head, and they can’t put a virus inside us.”

  • Cyber security experts are increasingly recognising the human body as a new frontier in the war against malicious actors.
  • One of the biggest concerns among experts is that we may one day lose our mental privacy.
  • Some experts are calling for the establishment of ‘neurorights’, a set of principles that will guard against the misuse and abuse of neurotechnology.
  • Threat actors may even be able to use medical implants to develop new stealthy attack capabilities.

Learnings

So what’s the big takeaway here? Well, it seems as though biohacking is a two-sided coin – on one side, you have the ability to extend and enhance human life in ways previously unimaginable. But on the other, you have a world of malicious opportunity – cyber crimes of a nature worse than anything we have yet experienced.

  • Tomorrow’s biohacking could enable us to tweak our genes so that we can see infrared light, but it also means our genetic information could be stolen and held at ransom. 
  • Gene editing is already making enormous strides – we have, for example, successfully extended the lifespan of mice by over 40% by tweaking their DNA.
  • If an implantable medical device is hacked, the consequences could be injury – or even death. An August 2024 glitch in an iOS app that controls patients’ insulin pumps illustrates how vulnerable they are, leading to the injury of more than 220 people. 
  • Both the US FDA and the European Commission have warned about the lack of urgency around securing today’s implantable devices.
  • Implantable devices could also be used as tools for infiltration and hacking themselves, leading to potentially disastrous consequences for national security.

Is the possibility that our innermost thoughts might be hacked and publicly exposed simply the cost of doing business in a post-human society? Not necessarily. To avoid that future, we need to take the issue seriously today and begin investing in the counter-technologies that will help us maintain the security and integrity of our bodies.

Some questions do remain outstanding, though. Who will be responsible for the data our bodies generate – ourselves, or a private organisation? Could biotech unintentionally lead to an all-new form of terrorism? And will our leaders need to forgo the use of medical implants for national security reasons? One thing is certain: this astonishing future is far from decided.

Healthcare
Artificial Intelligence
Generic talks
Topic talks
Industry talks
Richard van Hooijdonk

Renowned keynote speaker Richard van Hooijdonk offers inspiring lectures on world trends, technology, and marketing.

Linkedin Facebook-square Twitter-square
@ 2024 copyright richardvanhooijdonk.com
Share via
Facebook
X (Twitter)
LinkedIn
Mix
Email
Print
Copy Link
Copy link
CopyCopied