{ "version": "4.0", "generated_from": "qif-lab/src/config.py", "framework": "Quantified Interconnection Framework (QIF) for Neural Security", "statistics": { "total_techniques": 161, "total_tactics": 16, "total_domains": 8, "by_tactic": { "QIF-B.EV": 6, "QIF-B.IN": 6, "QIF-C.EX": 17, "QIF-C.IM": 6, "QIF-D.HV": 11, "QIF-E.RD": 13, "QIF-M.SV": 9, "QIF-N.IJ": 11, "QIF-N.MD": 24, "QIF-N.NM": 3, "QIF-N.SC": 3, "QIF-P.DS": 19, "QIF-S.CH": 6, "QIF-S.FP": 4, "QIF-S.HV": 16, "QIF-S.RP": 5, "QIF-S.SC": 2 }, "by_status": { "CONFIRMED": 29, "DEMONSTRATED": 43, "EMERGING": 26, "THEORETICAL": 61, "PLAUSIBLE": 1, "SPECULATIVE": 1 }, "by_severity": { "critical": 32, "high": 69, "medium": 56, "low": 4 }, "by_ui_category": { "SI": 16, "DS": 15, "SE": 23, "DM": 23, "PS": 7, "EX": 23, "PE": 9, "CI": 19 }, "by_niss_severity": { "critical": 0, "high": 27, "medium": 53, "low": 54, "none": 1 }, "niss_cvss_mapping": { "pins_flagged": 33, "by_gap_group": { "1": 12, "2": 28, "3": 58 } }, "tara": { "version": "1.6", "enriched_techniques": 135, "dual_use_breakdown": { "confirmed": 79, "probable": 18, "possible": 9, "silicon_only": 29 }, "techniques_with_clinical_analog": 104, "techniques_silicon_only": 29, "dsm5": { "version": "1.0", "techniques_with_dsm5": 135, "unique_dsm_codes": 15, "cluster_breakdown": { "motor_neurocognitive": 26, "cognitive_psychotic": 22, "mood_trauma": 27, "non_diagnostic": 51, "persistent_personality": 9 }, "risk_class_breakdown": { "direct": 75, "indirect": 11, "none": 49 } }, "neurorights_mapped": 135 }, "neurorights": { "version": "1.0", "taxonomy": { "MP": "Mental Privacy", "CL": "Cognitive Liberty", "MI": "Mental Integrity", "PC": "Psychological Continuity", "DI": "Dynamical Integrity (folded into MI)", "IDA": "Informational Disassociation (folded into MP)" }, "sources": [ "Ienca & Andorno 2017 (original 4: MP, CL, MI, PC)", "QIF Framework (MI extended with signal dynamics, MP extended with data lifecycle)" ], "techniques_by_right": { "MP": 118, "CL": 77, "MI": 
91, "DI": 63, "PC": 79, "IDA": 5 }, "cci_stats": { "mean": 0.75, "max": 2.25, "min": 0.1, "techniques_above_2": 6 } }, "regulatory": { "version": "1.0", "framework": "FDORA Section 3305 / Section 524B", "cyber_device_techniques": 68, "non_cyber_device_techniques": 67, "prong_failure_reasons": { "software": 61, "network_connectable": 26 }, "techniques_per_requirement": { "TM": 135, "VA": 134, "SA": 97, "SBOM": 61, "PM": 130 }, "coverage_stats": { "mean": 0.39, "min": 0.1, "max": 0.8, "below_0.5": 74 }, "top_gaps": { "CVSS cannot express neural-specific impacts": 91, "Threat not yet in regulatory threat catalogs": 60, "No FDA pathway for consumer sensor exploitation": 45, "CVSS partially captures risk; neural dimensions missing": 30, "High neural impact": 19, "Consent complexity under-matches neural impact": 13, "Software-only attack without software lifecycle standard": 12 } }, "physics_feasibility": { "version": "1.0", "analysis_date": "2026-02-18", "constraint_system_ref": "QIF Derivation Log Entry 60", "by_tier": { "feasible_now": 61, "mid_term": 10, "far_term": 2, "no_physics_gate": 18, "near_term": 11 }, "notes": [ "Tier 0 (feasible_now): Attack hardware exists today", "Tier 1 (near_term, 2026-2031): Components exist but integration is new", "Tier 2 (mid_term, 2031-2038): Needs 28nm-7nm BCI chips, 10k+ channels, or high-density bidirectional", "Tier 3 (far_term, 2038+): Needs nanoscale electrodes or quantum-regime hardware", "Tier X (no_physics_gate): Software/platform/network attack, physics does not constrain" ] }, "by_origin": { "literature": 49, "qif_recontextualized": 46, "neuroethics_formalized": 3, "qif_theoretical": 6, "qif_chain_synthesis": 5 }, "tara_taxonomy_version": "1.0" }, "changelog": [ { "version": "1.6", "date": "2026-02-16", "title": "FDORA §3305 Regulatory Compliance Mapping", "summary": "Added per-technique FDORA Section 524B cyber device classification, applicable submission requirements, regulatory coverage scoring, and gap analysis. 
68 of 135 techniques target cyber devices. Mean regulatory coverage: 0.39.", "added": [], "enrichments": [ "regulatory.fdora_524b.cyber_device — 3-prong cyber device test result", "regulatory.fdora_524b.applicable_requirements — TM/VA/SBOM/SA/PM applicability", "regulatory.fdora_524b.coverage_score — 0.0–1.0 existing regulatory coverage", "regulatory.fdora_524b.gaps — specific regulatory gaps identified" ], "therapeutic_highlights": [ "Regulatory gap analysis enables targeted FDORA compliance for BCI manufacturers", "Coverage scoring identifies techniques where existing standards are insufficient", "74 techniques have coverage below 0.5 (major gaps)", "Per-technique gap lists provide actionable compliance checklists" ] }, { "version": "1.8", "date": "2026-03-15", "title": "ICD-10 Code Corrections, PC Backfill, Neurological Mappings Expansion", "summary": "Quorum-validated ICD-10 corrections: G20→G25.89 (21 refs, Parkinson's-specific FY2025), non-billable parents→billable subcodes (G40→G40.909, G43→G43.909, etc.), H-code laterality fixes (10 codes), PC neurorights backfill (46→79/135), 8 new neurological mappings (NEURO-043 to NEURO-050: cardiac R00.x, device T85.1xx, TIA G45.9, headache G44.309, acoustic H93.3X9). 
SDK models updated for components, feeds_into, secondary_tactics fields.", "added": [], "changed": [ "G20 replaced with G25.89 across 21 references", "Non-billable parent codes replaced with billable subcodes", "H-codes updated with required laterality characters", "PC neurorights added to 33 techniques where NP>None", "6 NISS severity band violations corrected", "SDK NissData model updated with components field", "SDK CrossReferences model updated with secondary_tactics", "SDK ThreatTechnique model updated with feeds_into" ] }, { "version": "1.7", "date": "2026-02-21", "title": "Origin Classification + 6 New Techniques from Literature Gap Analysis", "summary": "Added origin field to all 109 techniques classifying provenance: literature (directly from BCI security papers), qif_recontextualized (phenomenon from other domain mapped as BCI threat), qif_chain_synthesis (novel composite attack chains), qif_theoretical (pure QIF derivation), neuroethics_formalized (ethics concern formalized as technique). 
Added 6 new techniques from literature gap analysis: 4 Murcia taxonomy attacks (Neural Spoofing, Sybil, Sinkhole, Nonce), neuromorphic mimicry attack, and data alignment exploitation.", "added": [ "QIF-T0104 Neural spoofing", "QIF-T0105 Neural sybil", "QIF-T0106 Neural sinkhole", "QIF-T0107 Neural nonce replay", "QIF-T0108 Neuromorphic mimicry attack", "QIF-T0109 Data alignment exploitation" ], "enrichments": [ "origin.category — provenance classification (literature|qif_recontextualized|qif_chain_synthesis|qif_theoretical|neuroethics_formalized)", "origin.original_authors — credited authors/sources for non-QIF-derived techniques", "origin.qif_contribution — what QIF added (framework_mapping|threat_recontextualization|chain_synthesis|original_derivation|formalization)", "statistics.by_origin — aggregate counts by origin category" ], "therapeutic_highlights": [ "Origin tracking enables proper academic credit attribution", "6 new techniques complete the Murcia taxonomy coverage (8/8) and add neuromorphic/alignment threats", "QIF contribution clearly distinguished from existing literature" ] }, { "version": "1.5", "date": "2026-02-16", "title": "Neurorights Mapping & Consent Complexity Index", "summary": "Added neurorights field to all 102 techniques mapping each to 7 neurorights (5 Ienca-Andorno + 2 QIF-proposed). Computed Consent Complexity Index (CCI) per technique. Cross-AI validated with Gemini. 
Identified 10 anomalies: 4 PINS inversions (silicon_only attacks under-consented relative to NISS), 4 under-consented persistent_personality techniques, 2 indirect risk misnomers.", "enrichments": [ "neurorights.affected — list of affected neurorights per technique", "neurorights.cci — Consent Complexity Index (0.1–4.0)", "statistics.neurorights — aggregate stats and taxonomy" ], "new_neurorights": [ "DI (Dynamical Integrity) — protection of neural homeodynamics", "IDA (Informational Disassociation) — right not to have neural data fused across modalities" ], "cross_ai_validation": "Gemini 2.5 Pro (2026-02-16) — validated all 7 gaps, confirmed 3 additional correlations, proposed DI and IDA rights", "added": [], "therapeutic_highlights": [ "Neurorights mapping enables rights-aware consent for all dual-use techniques", "Consent Complexity Index (CCI) identifies under-consented high-NISS techniques", "Dynamical Integrity right protects neural homeodynamics in feedback therapies", "Informational Disassociation right guards against cross-modal data fusion" ] }, { "version": "1.4", "date": "2026-02-13", "title": "Consumer Device Side-Channel Techniques", "summary": "3 new techniques extending TARA into consumer device side-channel domains — neural steganography, multi-modal sensor fusion keystroke inference, and display-as-illuminator photometry. WiFi CSI consumer-grade capabilities merged into T0090. All confirmed dual-use with validated clinical applications.", "added": [ "QIF-T0100", "QIF-T0101", "QIF-T0102" ], "merged": [ { "from": "QIF-T0103", "into": "QIF-T0090", "reason": "Consumer-grade WiFi CSI respiratory/gait inference shares the same physical mechanism as T0090 (OFDM subcarrier analysis); merged to cover both dedicated and commodity hardware scenarios." 
} ], "therapeutic_highlights": [ "ABR audiometry and tinnitus masking therapy (T0100)", "Parkinson's detection via keystroke dynamics and tremor characterization (T0101)", "Contactless heart rate and SpO2 via screen-based PPG (T0102)", "WiFi-based sleep apnea detection, elder care, and COPD monitoring (T0090, expanded)" ] }, { "version": "1.3", "date": "2026-02-11", "title": "S-Domain Consumer Sensor Expansion", "summary": "28 new S-domain techniques across audio, optical, IMU, RF, thermal, and biometric categories. 5 chain techniques document multi-stage escalation paths from consumer devices to neural exploitation.", "added_range": [ "QIF-T0072", "QIF-T0099" ], "therapeutic_highlights": [ "Ear-canal neural monitoring for locked-in syndrome communication", "Remote photoplethysmography for contactless vital signs", "Gait analysis for Parkinson's medication timing", "WiFi CSI body sensing for post-surgical recovery" ] }, { "version": "1.0", "date": "2026-01-15", "title": "Initial TARA Atlas", "summary": "71 foundational BCI techniques across neural injection, protocol disruption, data harvesting, neural manipulation, evasion, cognitive exploitation, biometric invasion, and countermeasures.", "added_range": [ "QIF-T0001", "QIF-T0071" ], "therapeutic_highlights": [ "Transcranial magnetic stimulation for depression treatment", "Deep brain stimulation for Parkinson's management", "Neurofeedback for ADHD and anxiety therapy", "ERP-based communication for locked-in patients" ] } ], "tactics": [ { "id": "QIF-N.SC", "name": "Neural Scan", "domain": "Neural", "domain_code": "N", "action_code": "SC", "description": "Profiling neural signals, mapping BCI topology, fingerprinting devices and neural activity patterns.", "legacy_ids": [ "TA0043" ], "legacy_name": "Reconnaissance" }, { "id": "QIF-B.IN", "name": "BCI Intrusion", "domain": "BCI System", "domain_code": "B", "action_code": "IN", "description": "Gaining initial access to a BCI system or neural pathway via electrodes, 
RF, firmware, or supply chain.", "legacy_ids": [ "TA0001" ], "legacy_name": "Initial Access" }, { "id": "QIF-N.IJ", "name": "Neural Injection", "domain": "Neural", "domain_code": "N", "action_code": "IJ", "description": "Injecting malicious signals at the electrode-tissue boundary or into the BCI data pipeline.", "legacy_ids": [ "TA0002" ], "legacy_name": "Execution" }, { "id": "QIF-C.IM", "name": "Cognitive Imprinting", "domain": "Cognitive", "domain_code": "C", "action_code": "IM", "description": "Maintaining foothold across BCI sessions via calibration poisoning, learned neural patterns, or memory implants.", "legacy_ids": [ "TA0003" ], "legacy_name": "Persistence" }, { "id": "QIF-B.EV", "name": "BCI Evasion", "domain": "BCI System", "domain_code": "B", "action_code": "EV", "description": "Avoiding detection by QI coherence metrics, anomaly detectors, and safety mechanisms.", "legacy_ids": [ "TA0005" ], "legacy_name": "Defense Evasion" }, { "id": "QIF-D.HV", "name": "Data Harvest", "domain": "Data", "domain_code": "D", "action_code": "HV", "description": "Harvesting neural data, cognitive states, memory patterns, ERP responses, and biometric signatures.", "legacy_ids": [ "TA0009" ], "legacy_name": "Collection" }, { "id": "QIF-P.DS", "name": "Physiological Disruption", "domain": "Physiological", "domain_code": "P", "action_code": "DS", "description": "Disrupting neural function, causing physical harm, denying BCI service, or weaponizing motor output.", "legacy_ids": [ "TA0040" ], "legacy_name": "Impact" }, { "id": "QIF-N.MD", "name": "Neural Modulation", "domain": "Neural", "domain_code": "N", "action_code": "MD", "description": "Direct neural state modification via stimulation, entrainment, or signal injection. 
No traditional cybersecurity equivalent.", "legacy_ids": [ "TA0050", "QIF-TA0050" ], "legacy_name": "Neural Manipulation" }, { "id": "QIF-C.EX", "name": "Cognitive Exploitation", "domain": "Cognitive", "domain_code": "C", "action_code": "EX", "description": "Exploiting cognitive processes including memory, attention, identity, and agency. No traditional cybersecurity equivalent.", "legacy_ids": [ "TA0051", "QIF-TA0051" ], "legacy_name": "Cognitive Exploitation" }, { "id": "QIF-E.RD", "name": "Energy Radiation", "domain": "Energy", "domain_code": "E", "action_code": "RD", "description": "EM/RF attacks on neural tissue or BCI hardware via frequency-domain coupling. No traditional cybersecurity equivalent.", "legacy_ids": [ "TA0052", "QIF-TA0052" ], "legacy_name": "Directed Energy" }, { "id": "QIF-M.SV", "name": "Model Subversion", "domain": "Model", "domain_code": "M", "action_code": "SV", "description": "Attacking BCI decoder/classifier models via poisoning, backdoors, adversarial inputs, or gradient leakage.", "legacy_ids": [ "TA0053", "QIF-TA0053" ], "legacy_name": "Adversarial ML" }, { "id": "QIF-S.RP", "name": "Sensor Repurposing", "domain": "Consumer Sensor Exploitation", "domain_code": "S", "action_code": "RP", "description": "Exploiting consumer device sensors for unintended purposes, such as reprogramming audio output as input or converting earbuds into neural recording platforms.", "legacy_ids": [], "legacy_name": "Sensor Repurposing" }, { "id": "QIF-S.FP", "name": "Sensor Fingerprinting", "domain": "Consumer Sensor Exploitation", "domain_code": "S", "action_code": "FP", "description": "Using consumer device sensors for covert biometric identification, including ear canal acoustic profiling, vascular mapping, and physiological signature extraction.", "legacy_ids": [], "legacy_name": "Sensor Fingerprinting" }, { "id": "QIF-S.HV", "name": "Sensor Harvest", "domain": "Consumer Sensor Exploitation", "domain_code": "S", "action_code": "HV", "description": 
"Extracting physiological, biometric, or cognitive data through consumer device sensors without user awareness, including vital signs, body composition, and neural activity.", "legacy_ids": [], "legacy_name": "Sensor Data Harvest" }, { "id": "QIF-S.CH", "name": "Sensor Chaining", "domain": "Consumer Sensor Exploitation", "domain_code": "S", "action_code": "CH", "description": "Combining multiple consumer sensor exploitation techniques to build comprehensive physiological or cognitive profiles, creating attack chains that progress from acoustic to neural to cognitive exploitation.", "legacy_ids": [], "legacy_name": "Sensor Chain" }, { "id": "QIF-S.SC", "name": "Sensor Side-Channel", "domain": "Consumer Sensor Exploitation", "domain_code": "S", "action_code": "SC", "description": "Exploiting consumer device sensors for side-channel extraction of user input, keystrokes, and interaction patterns via acoustic, optical, and RF emanations.", "legacy_ids": [], "legacy_name": "Side-Channel" }, { "id": "QIF-N.NM", "name": "Nanoparticle-Mediated Neuromodulation", "domain": "Neural", "domain_code": "N", "action_code": "NM", "description": "Techniques using co-located nanoparticle transducers (UCNP, HUP, Au NPs) to convert external energy into local neural modulation. Requires prior NP injection at target site." } ], "techniques": [ { "id": "QIF-T0001", "attack": "Signal injection", "tactic": "QIF-N.IJ", "bands": "I0–N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (coherence metric)", "sources": [ "Kohno et al. 2009", "Bonaci et al. 2015" ], "status": "CONFIRMED", "severity": "high", "ui_category": "SI", "notes": "Inject crafted signals mimicking legitimate brain activity at electrode-tissue boundary. Classical detection via impedance anomaly. 
QI coherence metric flags phase/timing inconsistency.", "legacy_ids": [ "ONI-T007" ], "legacy_technique_id": "T2001", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1659", "T1674" ] }, "tara": { "mechanism": "Electrical current delivery at electrode-tissue interface modulating local field potentials", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "tDCS/tACS neuromodulation", "conditions": [ "major depressive disorder", "chronic pain", "stroke rehabilitation", "tinnitus" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "1-2 mA, 20-30 min sessions, 35 cm² electrode area", "sources": [ "Brunoni et al. 2012 (Arch Gen Psychiatry)", "Lefaucheur et al. 2017 (Clin Neurophysiol)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "2 mA current, 30 min/session, 7 sessions/week max" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "frequency_hz": "DC (tDCS) or 0.1-100 (tACS)", "amplitude_mA": "0.5-2.0", "duration_s": "600-1800" }, "hardware": [ "stimulation_electrodes", "constant_current_source", "impedance_monitor" ], "detection": "Impedance anomaly detection, waveform verification, current leakage monitoring" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" } ], "secondary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 
(electrode-tissue boundary) → measurement; N1 (spinal cord) → reflexes", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Tissue harm from signal injection and cognitive alteration not expressible in CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts", "Consent complexity under-matches neural impact (CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Noninvasive stimulation (tDCS/tACS) exists today", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Kohno et al. 2009", "Bonaci et al. 2015" ], "qif_contribution": "framework_mapping" }, "technique": "Signal injection", "tara_alias": "TARA-SOM-M-001", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0002", "attack": "Neural ransomware", "tactic": "QIF-P.DS", "bands": "N3–N7", "band_ids": [ "N3", "N7", "N6" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Yes (QI score drop)", "sources": [ "Pycroft et al. 2016" ], "status": "EMERGING", "severity": "critical", "ui_category": "DS", "notes": "Disrupt or lock neural function via stimulation manipulation. Closed-loop devices (RNS, DBS) most vulnerable. 
QI detects anomalous coherence collapse. Distinct from Neural DoS: ransomware implies conditional restoration.", "legacy_ids": [], "legacy_technique_id": "T2002", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1486", "T1489" ] }, "tara": { "mechanism": "Disruption or conditional locking of neural function via closed-loop stimulation parameter manipulation", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Deep brain stimulation (DBS) / Responsive neurostimulation (RNS)", "conditions": [ "Parkinson's disease", "essential tremor", "epilepsy", "treatment-resistant depression" ], "fda_status": "approved", "evidence_level": "RCT", "safe_parameters": "Device-specific (Medtronic, NeuroPace): 1-5V, 60-450μs pulse width, 130-185 Hz", "sources": [ "Lozano et al. 2019 (Nature Reviews Neuroscience)", "Morrell 2011 (Neurosurgery)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Device-specific FDA-approved parameters, fail-safe shutoff mandatory" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "frequency_hz": "130-185", "amplitude_V": "1-5", "pulse_width_us": "60-450" }, "hardware": [ "implanted_electrodes", "pulse_generator", "sensing_amplifier", "telemetry_module" ], "detection": "Stimulation parameter monitoring, impedance trending, battery state tracking" }, "dsm5": { "primary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive 
Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → cognitive/psychotic cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Neural function locking and conditional restoration have no CVSS equivalent" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], 
"coverage_score": 0.6, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Selective neural ransomware needs bidirectional 10k+ channel implant; thermal budget gates channel count at current process nodes. Note: Selective neural ransomware requires 10k+ channels (Tier 2). Coarse DBS/RNS parameter ransomware is Tier 0 with existing device access — see technique description for scope.", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Pycroft et al. 2016" ], "qif_contribution": "framework_mapping" }, "technique": "Neural ransomware", "tara_alias": "TARA-MOT-D-001", "tara_domain_primary": "MOT", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0003", "attack": "Eavesdropping / signal interception", "tactic": "QIF-D.HV", "bands": "I0–S3", "band_ids": [ "I0", "N1", "S1", "S2", "S3" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Yes (Heisenberg disturbance at I0)", "sources": [ "Kohno et al. 2009", "Landau et al. 2020", "Schroder et al. 2025" ], "status": "CONFIRMED", "severity": "high", "ui_category": "SE", "notes": "Passive interception of neural signals. At I0: quantum measurement disturbs state (detectable). 
At S1-S3: classical RF interception, most consumer BCIs transmit unencrypted.", "legacy_ids": [ "ONI-T001", "ONI-T023" ], "legacy_technique_id": "T2003", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1040" ] }, "tara": { "mechanism": "Passive capture of neural electromagnetic emissions from BCI data pathways", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "EEG/ECoG diagnostic monitoring", "conditions": [ "epilepsy diagnosis", "sleep disorders", "cognitive assessment", "intraoperative monitoring" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Non-invasive; passive recording only; no stimulation", "sources": [ "Niedermeyer & da Silva 2004 (Electroencephalography)", "Schalk & Leuthardt 2011 (IEEE)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Passive recording; data retention and access controls are primary safety concern" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "frequency_hz": "0.1-1000 (broadband capture)", "sensitivity_uV": "0.1-100" }, "hardware": [ "recording_electrodes", "amplifier", "ADC", "wireless_transmitter" ], "detection": "RF spectrum monitoring, cable shielding verification, encryption validation" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" } ], "secondary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (electrode-tissue boundary) → measurement; N1 (spinal cord) → reflexes", "niss_correlation": "CV:I → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:C", "gap_group": 3, "gap_summary": "Passive neural thought interception — mental privacy not covered by CVSS confidentiality" }, "neurorights": { "affected": [ "MP", "MI", "DI" ], "cci": 0.72 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "EEG recording hardware widely available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, 
"origin": { "category": "literature", "original_authors": [ "Kohno et al. 2009", "Landau et al. 2020", "Schroder et al. 2025" ], "qif_contribution": "framework_mapping" }, "technique": "Eavesdropping / signal interception", "tara_alias": "TARA-COG-R-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0004", "attack": "Man-in-the-middle", "tactic": "QIF-D.HV", "bands": "I0–S2", "band_ids": [ "I0", "S1", "S2" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Yes (no-cloning + Bell test)", "sources": [ "Martinovic et al. 2012" ], "status": "DEMONSTRATED", "severity": "critical", "ui_category": "DM", "notes": "Intercept and modify signals at I0 boundary or BCI telemetry. No-cloning theorem prevents perfect copy of quantum neural states. Bell test detects entanglement disruption.", "legacy_ids": [], "legacy_technique_id": "T2004", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1557" ], "secondary_tactics": [ "QIF-N.IJ" ] }, "tara": { "mechanism": "Active interception and modification of signals between BCI components in transit", "dual_use": "probable", "clinical": { "therapeutic_analog": "Signal routing in closed-loop neuroprosthetics", "conditions": [ "spinal cord injury (signal bridging)", "paralysis (motor signal rerouting)" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Signal fidelity >99.9%, latency <10ms, bidirectional verification", "sources": [ "Bensmaia & Miller 2014 (Science)", "Ethier et al. 
2012 (Nature)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Signal integrity verification mandatory; fail-open to safe state" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "latency_ms": "<10", "bandwidth_kbps": "variable", "encryption": "required" }, "hardware": [ "signal_interceptor", "protocol_analyzer", "real_time_processor" ], "detection": "End-to-end latency monitoring, cryptographic integrity checks, signal fingerprinting" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" } ], "secondary": [], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "I0 (electrode-tissue boundary) → measurement", "niss_correlation": "CV:I → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Neural signal modification in transit affects cognition beyond data integrity" }, "neurorights": { "affected": [ "CL", "MI", "PC", "DI" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Signal interception at I0 with existing equipment", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Martinovic et al. 
2012" ], "qif_contribution": "framework_mapping" }, "technique": "Man-in-the-middle", "tara_alias": "TARA-SIL-R-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0005", "attack": "Quantum tunneling exploit", "tactic": "QIF-N.IJ", "bands": "I0–N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": "No", "quantum": "Yes (tunneling profile anomaly)", "sources": [ "Summhammer et al. 2012", "Salari et al. 2015" ], "status": "THEORETICAL", "severity": "high", "ui_category": "SI", "notes": "Exploit ion channel quantum tunneling to inject false synaptic events. Detectable via Q_tunnel term anomaly in QI equation. Requires understanding of target's ion channel tunneling profile.", "legacy_ids": [], "legacy_technique_id": "T2005", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "tara": { "mechanism": "Exploitation of quantum tunneling effects at nanoscale electrode-tissue junctions", "dual_use": "possible", "clinical": { "therapeutic_analog": "Quantum sensing for neural diagnostics (NV-center magnetometry)", "conditions": [ "high-resolution neural imaging", "single-neuron recording" ], "fda_status": "none", "evidence_level": "preclinical", "safe_parameters": "Passive quantum sensing; no stimulation; sub-nT field measurement", "sources": [ "Barry et al. 2016 (PNAS, NV-center magnetometry)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Quantum sensing is passive; data sensitivity is primary concern" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "scale_nm": "1-100", "temperature_K": "physiological (310)" }, "hardware": [ "nanoscale_electrodes", "quantum_sensor", "cryogenic_or_RT_readout" ], "detection": "Tunneling current anomaly detection, junction impedance spectroscopy" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" } ], "secondary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "probable" } ], "risk_class": "indirect", "cluster": "motor_neurocognitive", "pathway": "I0 (electrode-tissue boundary) → measurement; N1 (spinal cord) → reflexes", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Ion-channel quantum manipulation has no CVSS physical impact analog" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.44 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 3, "tier_label": "far_term", "timeline": "2038+", "gate_reason": "Quantum tunneling exploit needs ~10nm electrodes (3 orders of magnitude below current ~10um); quantum-regime BCI", "constraint_system_ref": "QIF Derivation Log Entry 
60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Summhammer et al. 2012", "Salari et al. 2015" ], "qif_contribution": "threat_recontextualization" }, "technique": "Quantum tunneling exploit", "tara_alias": "TARA-SOM-M-002", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0006", "attack": "Davydov soliton attack", "tactic": "QIF-N.IJ", "bands": "I0–N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": "No", "quantum": "Yes (tunneling term Q_tunnel)", "sources": [ "Davydov 1973", "Scott 1992" ], "status": "THEORETICAL", "severity": "high", "ui_category": "SI", "notes": "THz stimulation triggers Davydov solitons in SNARE protein complexes, causing false neurotransmitter release at I0. Exploits energy transport in alpha-helix protein structures.", "legacy_ids": [], "legacy_technique_id": "T2006", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "tara": { "mechanism": "Davydov soliton propagation in protein alpha-helices at electrode-tissue interface", "dual_use": "possible", "clinical": { "therapeutic_analog": "Biophoton/soliton-based cellular signaling research", "conditions": [ "theoretical: targeted molecular signaling" ], "fda_status": "none", "evidence_level": "theoretical", "safe_parameters": "No established parameters; theoretical mechanism", "sources": [ "Davydov 1973 (J Theor Biol)", "Scott 1992 (Phys Rep)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Theoretical; no safe parameters established" }, "engineering": { "coupling": [ "mechanical", "thermal" ], "parameters": { "propagation_velocity_m_s": "~1000", "energy_meV": "~20" }, "hardware": [ "molecular_scale_probes", "infrared_spectroscopy" ], "detection": "Infrared absorption spectroscopy, protein conformational monitoring" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" } ], "secondary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "probable" } ], "risk_class": "indirect", "cluster": "motor_neurocognitive", "pathway": "I0 (electrode-tissue boundary) → measurement; N1 (spinal cord) → reflexes", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:L/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Protein-level soliton manipulation is below CVSS's abstraction layer" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.44 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 3, "tier_label": "far_term", "timeline": "2038+", "gate_reason": "Davydov soliton attack needs molecular-scale probes for protein lattice interaction", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": 
"qif_recontextualized", "original_authors": [ "Davydov 1973", "Scott 1992" ], "qif_contribution": "threat_recontextualization" }, "technique": "Davydov soliton attack", "tara_alias": "TARA-SOM-M-003", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0007", "attack": "Protocol manipulation", "tactic": "QIF-N.IJ", "bands": "S1–S2", "band_ids": [ "S1", "S2" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (protocol integrity via QI)", "sources": [ "Schroder et al. 2025" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "DM", "notes": "Exploit weaknesses in BCI data protocols to inject commands or alter data formatting, bypassing security controls. Targets the digital decoding/telemetry pipeline.", "legacy_ids": [ "ONI-T008" ], "legacy_technique_id": "T2007", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:N/RV:P/NP:N", "score": 4.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1565", "T1565.002" ] }, "tara": { "mechanism": "Manipulation of BCI communication protocol handshakes, headers, or sequencing", "dual_use": "probable", "clinical": { "therapeutic_analog": "Adaptive stimulation protocol adjustment in closed-loop BCIs", "conditions": [ "epilepsy (responsive stimulation)", "Parkinson's (adaptive DBS)" ], "fda_status": "approved", "evidence_level": "RCT", "safe_parameters": "Protocol changes within FDA-cleared parameter envelope only", "sources": [ "Little et al. 
2013 (Ann Neurol, adaptive DBS)" ] }, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Protocol modifications logged and bounded by device safety envelope" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "protocol_layer": "application/transport", "latency_impact_ms": "variable" }, "hardware": [ "protocol_analyzer", "BCI_firmware_interface" ], "detection": "Protocol conformance testing, sequence number validation, timing analysis" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:D", "gap_group": 2, "gap_summary": "Classical pipeline corruption with downstream neural impact partially captured by Safety" }, "neurorights": { "affected": [ "MP", "CL", "MI" ], "cci": 0.3 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.8, "gaps": [ "CVSS partially captures risk; neural dimensions missing" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "BCI protocol analysis with existing tools", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Schroder et al. 
2025" ], "qif_contribution": "framework_mapping" }, "technique": "Protocol manipulation", "tara_alias": "TARA-SIL-M-001", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0008", "attack": "Command hijacking", "tactic": "QIF-N.IJ", "bands": "S2–N7", "band_ids": [ "S2", "N7", "N6", "N5" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (intent verification via QI)", "sources": [ "Kohno et al. 2009" ], "status": "THEORETICAL", "severity": "high", "ui_category": "SI", "notes": "Intercept and modify motor commands or cognitive instructions in transit through the BCI system. Targets closed-loop stimulation devices. Intent verification detects command-intent mismatch.", "legacy_ids": [ "ONI-T009" ], "legacy_technique_id": "T2008", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1557", "T1565.002" ] }, "tara": { "mechanism": "Interception and substitution of BCI motor/sensory command signals", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "BCI command interfaces for motor-impaired patients", "conditions": [ "ALS", "locked-in syndrome", "tetraplegia", "stroke (motor rehabilitation)" ], "fda_status": "breakthrough", "evidence_level": "cohort", "safe_parameters": "Command verification with user confirmation; rate-limited actions", "sources": [ "Hochberg et al. 2012 (Nature)", "Willett et al. 
2021 (Nature)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Motor commands rate-limited; emergency stop always available" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "decode_latency_ms": "50-200", "classification_accuracy": ">95%" }, "hardware": [ "BCI_decoder", "motor_effector", "safety_interlock" ], "detection": "Command pattern anomaly detection, user intent verification, behavioral consistency checks" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" }, { "code": "F50", "name": 
"Eating Disorders", "confidence": "probable" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → cognitive/psychotic cluster" }, "icd10": { "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Involuntary motor control hijacking has no CVSS availability/integrity mapping" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "Consent complexity under-matches neural impact (CCI/NISS mismatch)", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Command hijacking needs high-fidelity bidirectional decode+inject exceeding current channel density", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Kohno et al. 
2009" ], "qif_contribution": "framework_mapping" }, "technique": "Command hijacking", "tara_alias": "TARA-MOT-M-001", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0009", "attack": "RF false brainwave injection", "tactic": "QIF-N.MD", "bands": "S1–S2→N4–N7", "band_ids": [ "S1", "S2", "N4", "N5", "N6", "N7" ], "coupling": "DIRECT", "access": "PUBLIC", "classical": "Partial", "quantum": "Enhanced (Dsf + coherence)", "sources": [ "Zhang et al. 2024", "Indirect corticothalamic-raphe 5-HT pathway (rTMS DLPFC -> DRN serotonin)" ], "status": "EMERGING", "severity": "high", "ui_category": "SI", "notes": "Inject RF signals calibrated to neural frequencies through BCI's own antenna or nearby transmitter. Synthetic brainwave patterns bypass analog front-end filters designed for biological signals.", "legacy_ids": [], "legacy_technique_id": "T2009", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": true }, "cross_references": { "related_ids": [ "T1659", "T1200" ], "secondary_tactics": [ "QIF-N.IJ" ] }, "tara": { "mechanism": "Radiofrequency emission at neural oscillation frequencies to induce false brain activity patterns", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Repetitive transcranial magnetic stimulation (rTMS)", "conditions": [ "major depressive disorder", "OCD", "migraine", "PTSD" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "FDA-cleared: 10-20 Hz, 120% motor threshold, specific coil placements", "sources": [ "O'Reardon et al. 2007 (Biol Psychiatry)", "Rossi et al. 
2009 (Clin Neurophysiol)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "120% motor threshold, site-specific protocols, operator certification required" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "frequency_hz": "1-50 (typically 10-20)", "field_strength_T": "1.5-2.0", "pulse_pattern": "theta burst or repetitive" }, "hardware": [ "RF_emitter_or_TMS_coil", "targeting_system", "EMG_monitor" ], "detection": "RF spectrum analysis, field strength monitoring, EEG artifact detection" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", 
"confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P,NP:S → cognitive/psychotic cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Brainwave entrainment causing lasting neural pattern changes not expressible in CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.6, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Consent complexity under-matches neural impact (CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "RF emitters and TMS coils commercially available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Zhang et al. 
2024" ], "qif_contribution": "threat_recontextualization" }, "technique": "RF false brainwave injection", "tara_alias": "TARA-COG-M-001", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0010", "attack": "ELF neural entrainment", "tactic": "QIF-E.RD", "bands": "S1→N4–N7", "band_ids": [ "S1", "N4", "N5", "N6", "N7" ], "coupling": "DIRECT", "access": "RESTRICTED", "classical": "Yes", "quantum": "Enhanced (Dsf anomaly detection)", "sources": [ "NTIA Frequency Allocation Chart", "US Navy ELF program (declassified)" ], "status": "CONFIRMED", "severity": "critical", "ui_category": "SI", "notes": "3-76 Hz government-restricted. IS neural frequency. Penetrates globally. Direct gamma/alpha/theta cortical entrainment. US Navy operated at 76 Hz (Clam Lake) and 45 Hz (Republic). Russia, China maintain capability.", "legacy_ids": [], "legacy_technique_id": "T2101", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": true }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Extremely low frequency electromagnetic fields entraining endogenous neural oscillations via resonance", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Audio-visual entrainment (AVE) / photic driving therapy", "conditions": [ "ADHD", "anxiety", "insomnia", "cognitive enhancement" ], "fda_status": "cleared", "evidence_level": "cohort", "safe_parameters": "0.5-40 Hz, non-contact, sub-threshold field intensity", "sources": [ "Thut et al. 2011 (Curr Biol, entrainment)", "Herrmann et al. 
2016 (Neurosci Biobehav Rev)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Photosensitive epilepsy screening required; frequency restrictions near 15-25 Hz" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "frequency_hz": "0.5-40", "field_type": "ELF EM", "modulation": "sinusoidal or pulsed" }, "hardware": [ "ELF_emitter", "frequency_generator", "field_strength_meter" ], "detection": "EEG phase-locking analysis, spectral power monitoring at stimulation frequency" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" 
}, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P,NP:S → cognitive/psychotic cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:Y/R:U/V:D", "gap_group": 3, "gap_summary": "Seizure risk from ELF exposure not captured by CVSS availability" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "ELF emitters commercially available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "NTIA", "US Navy ELF program" ], "qif_contribution": "threat_recontextualization" }, "technique": "ELF neural entrainment", "tara_alias": "TARA-COG-M-002", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", 
"tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0011", "attack": "Intermodulation (BCI signal weaponized)", "tactic": "QIF-E.RD", "bands": "S2→N4–N6", "band_ids": [ "S2", "N4", "N5", "N6" ], "coupling": "INTERMODULATION", "access": "RESTRICTED", "classical": "Yes", "quantum": "Enhanced (coherence + Dsf)", "sources": [ "ITU Radio Regulations" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "SI", "notes": "UHF-Mil (225-400 MHz) + MICS (402 MHz) = neural-range beat frequency. BCI's own telemetry signal becomes part of the attack. 398 MHz mil + 402 MHz BCI = 4 Hz theta. Most dangerous coupling mechanism. QI CANNOT detect from signal data alone -- requires resonance shield.", "legacy_ids": [], "legacy_technique_id": "T2102", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": true }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Nonlinear mixing of two or more carrier frequencies in neural tissue producing intermodulation products at neural frequencies", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Temporal interference (TI) deep brain stimulation", "conditions": [ "deep brain targets without surgery", "essential tremor", "depression (deep nuclei)" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Two carriers at kHz range, difference frequency 1-100 Hz, <2 mA per channel", "sources": [ "Grossman et al. 2017 (Cell)", "Sunshine et al. 
2021 (Nat Commun)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Per-channel current <2 mA; carriers must not independently stimulate" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "carrier_hz": "1000-10000", "difference_hz": "1-100", "amplitude_mA": "<2 per channel" }, "hardware": [ "dual_channel_stimulator", "precise_frequency_generator", "multichannel_electrodes" ], "detection": "Spectral analysis for unexpected intermodulation products, dual-frequency monitoring" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": 
"established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N6 (hippocampus/amygdala) → emotion regulation; N5 (striatum/STN) → motor selection", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P,NP:S → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "BCI signal weaponization via intermodulation creates novel tissue/cognitive harm" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 2.25 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Intermodulation weaponization needs precise multichannel stimulation beyond current DBS (4-8 contacts)", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "ITU Radio Regulations" ], "qif_contribution": "threat_recontextualization" }, "technique": "Intermodulation (BCI signal weaponized)", "tara_alias": "TARA-COG-M-003", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, 
"tara_enrichment_pending": false }, { "id": "QIF-T0012", "attack": "Pulsed microwave (Frey effect)", "tactic": "QIF-E.RD", "bands": "S3→N2,N7", "band_ids": [ "S3", "N2", "N7" ], "coupling": "ENVELOPE", "access": "RESTRICTED", "classical": "Yes", "quantum": "Enhanced (temporal coherence)", "sources": [ "Frey 1962", "Lin 1978" ], "status": "CONFIRMED", "severity": "high", "ui_category": "PS", "notes": "S-band (2-4 GHz) pulsed microwave. Thermoelastic expansion is perceived by the cochlea as sound. Proposed model for Havana Syndrome. Pulse repetition frequency (PRF) selects neural target: 40 Hz gamma, 10 Hz alpha, 4 Hz theta, 1 Hz delta.", "legacy_ids": [], "legacy_technique_id": "T2103", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:L/CD:L/CV:E/RV:P/NP:T", "score": 5.4, "severity": "medium", "pins": true }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Pulsed microwave radiation inducing thermoelastic expansion in neural tissue (Frey effect / microwave auditory effect)", "dual_use": "possible", "clinical": { "therapeutic_analog": "Transcranial microwave stimulation (experimental)", "conditions": [ "research tool for non-invasive deep stimulation" ], "fda_status": "none", "evidence_level": "preclinical", "safe_parameters": "No established clinical parameters; IEEE C95.1 exposure limits", "sources": [ "Frey 1962 (J Appl Physiol)", "Lin & Wang 2007 (IEEE Trans Microw Theory Tech)" ] }, "governance": { "consent_tier": "prohibited", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "IEEE C95.1 SAR limits: 1.6 W/kg (head), no therapeutic protocol established" }, "engineering": { "coupling": [ "electromagnetic", "thermal" ], "parameters": { "frequency_GHz": "0.3-6", "pulse_width_us": "1-100", "SAR_W_kg": "<1.6" }, "hardware": [ "pulsed_microwave_source", "antenna_array", 
"SAR_measurement_system" ], "detection": "RF power density monitoring, thermal imaging, SAR dosimetry" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "indirect", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N2 (medulla/pons) → vital functions", "niss_correlation": "BI:H,CV:E,RV:P → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "risk_class": "indirect", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H", "supplemental": "S:P/AU:Y/R:U/V:D", "gap_group": 3, "gap_summary": "Microwave auditory effect and tissue heating go beyond CVSS availability" }, "neurorights": { "affected": [ "MI", "PC", "DI" ], "cci": 1.44 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, 
"applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Pulsed microwave sources exist (military/commercial)", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Frey 1962", "Lin 1978" ], "qif_contribution": "threat_recontextualization" }, "technique": "Pulsed microwave (Frey effect)", "tara_alias": "TARA-AUD-M-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0013", "attack": "Temporal interference (deep targeting)", "tactic": "QIF-E.RD", "bands": "S2→N4–N6", "band_ids": [ "S2", "N4", "N5", "N6" ], "coupling": "TEMPORAL_INTERFERENCE", "access": "LICENSED", "classical": "Yes", "quantum": "Enhanced (beat frequency detection)", "sources": [ "Grossman et al. 2017 (Cell)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "SI", "notes": "Two kHz+ signals create neural-range beat frequency at tissue intersection. Can target deep brain structures non-invasively. 
Licensed frequencies -- lower barrier than restricted.", "legacy_ids": [], "legacy_technique_id": "T2104", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": true }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Two high-frequency currents intersecting in deep brain tissue, with stimulation occurring only at the interference zone", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Temporal interference (TI) non-invasive deep brain stimulation", "conditions": [ "Parkinson's (subthalamic nucleus)", "depression (deep targets)", "essential tremor" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Carriers >1 kHz, difference frequency at therapeutic target, <2 mA per electrode pair", "sources": [ "Grossman et al. 2017 (Cell)", "Violante et al. 2023 (Nat Neurosci)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "<2 mA per channel; computational targeting model required; real-time monitoring" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "carrier_hz": "2000-5000", "envelope_hz": "1-100", "focal_depth_mm": "20-80" }, "hardware": [ "multichannel_stimulator", "computational_head_model", "targeting_software" ], "detection": "Finite element modeling validation, EEG monitoring of entrainment at target frequency" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": 
"OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N6 (hippocampus/amygdala) → emotion regulation; N5 (striatum/STN) → motor selection", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P,NP:S → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Non-invasive deep brain stimulation impact not in CVSS scope" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express 
neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Temporal interference demonstrated (Grossman et al. 2017)", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Grossman et al. 2017" ], "qif_contribution": "threat_recontextualization" }, "technique": "Temporal interference (deep targeting)", "tara_alias": "TARA-COG-M-004", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0014", "attack": "Envelope modulation (stealth carrier)", "tactic": "QIF-E.RD", "bands": "S1–S2→any N", "band_ids": [ "S1", "S2", "N1", "N2", "N3", "N4", "N5", "N6", "N7" ], "coupling": "ENVELOPE", "access": "PUBLIC", "classical": "Yes", "quantum": "Enhanced (demodulation detection)", "sources": [ "Datta et al. 2009" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "SI", "notes": "Any carrier frequency modulated at neural frequency. Tissue demodulates the envelope. Stealth: carrier looks normal, attack is in the modulation. Lowest barrier to entry (PUBLIC access). 
tACS therapeutic principle weaponized.", "legacy_ids": [], "legacy_technique_id": "T2105", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:I/RV:P/NP:S", "score": 8.1, "severity": "high", "pins": true }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Amplitude-modulated carrier signal where neural tissue demodulates the envelope at biologically active frequencies", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "tACS with carrier-envelope paradigm", "conditions": [ "pain modulation", "sleep induction", "cognitive enhancement" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Carrier >500 Hz, envelope 0.5-40 Hz, total current <2 mA", "sources": [ "Chaieb et al. 2011 (Brain Stimul)", "Witkowski et al. 2016 (NeuroImage)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Carrier analysis mandatory; modulation depth monitoring; total current <2 mA" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "carrier_hz": ">500", "envelope_hz": "0.5-40", "modulation_depth": "0-100%" }, "hardware": [ "AM_signal_generator", "stimulation_electrodes", "spectrum_analyzer" ], "detection": "Demodulation analysis of all incident signals; envelope frequency extraction" }, "dsm5": { "primary": [ { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": 
"Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:I,RV:P,NP:S → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": 
"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Covert cognitive manipulation via envelope modulation has no CVSS equivalent" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "AM signal generators and stimulation electrodes available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Datta et al. 2009" ], "qif_contribution": "threat_recontextualization" }, "technique": "Envelope modulation (stealth carrier)", "tara_alias": "TARA-COG-M-005", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0015", "attack": "Directed energy (thermal I0 damage)", "tactic": "QIF-E.RD", "bands": "S3→I0", "band_ids": [ "S3", "I0" ], "coupling": null, "access": "CLASSIFIED", "classical": "Yes", "quantum": "N/A (physical damage, not signal)", "sources": [ "US DoD Active Denial System (declassified)" ], "status": "CONFIRMED", "severity": "critical", "ui_category": "PS", "notes": "mm-wave/ADS (95 GHz) directed energy. Excites water molecules in top 0.4mm of skin. For surface implants: electrode heating, tissue damage at I0 boundary. Destroys interface integrity. 
Nation-state only.", "legacy_ids": [], "legacy_technique_id": "T2106", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:C/CR:N/CD:N/CV:E/RV:I/NP:N", "score": 5.4, "severity": "medium", "pins": true }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Focused electromagnetic energy causing thermal damage to electrode-tissue interface or neural tissue", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Thermal ablation (stereotactic radiosurgery, LITT, RF ablation)", "conditions": [ "epilepsy (focal ablation)", "brain tumors", "essential tremor (thalamotomy)" ], "fda_status": "approved", "evidence_level": "RCT", "safe_parameters": "MRI-guided, temperature-monitored, target-specific (<3mm precision)", "sources": [ "Curry et al. 2012 (J Neurosurg, LITT)", "Elias et al. 2016 (NEJM, focused ultrasound)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Real-time thermal monitoring mandatory; automatic shutoff at temperature threshold" }, "engineering": { "coupling": [ "electromagnetic", "thermal" ], "parameters": { "power_W": "variable", "temperature_C": "43-60 (ablation)", "focal_size_mm": "1-5" }, "hardware": [ "focused_energy_source", "thermal_sensor", "MRI_or_CT_guidance" ], "detection": "Tissue temperature monitoring, impedance changes, thermal imaging" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" } ], "secondary": [], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (electrode-tissue boundary) → measurement", "niss_correlation": "BI:C,CV:E,RV:I → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", "supplemental": 
"S:P/AU:Y/R:I/V:C", "gap_group": 3, "gap_summary": "Irreversible tissue destruction — CVSS availability cannot express permanence" }, "neurorights": { "affected": [ "MI", "DI" ], "cci": 0.9 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Directed energy systems exist (military/commercial)", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "US DoD Active Denial System" ], "qif_contribution": "threat_recontextualization" }, "technique": "Directed energy (thermal I0 damage)", "tara_alias": "TARA-SOM-D-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0016", "attack": "Professor X backdoor (training-time)", "tactic": "QIF-M.SV", "bands": "S2", "band_ids": [ "S2" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (QI decoder integrity check)", "sources": [ "Zhang et al. 2024 (Professor X attack on EEG models)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "DM", "notes": "Backdoor injected during BCI decoder training. Trigger pattern in EEG input activates attacker-chosen output. Model performs normally on clean inputs. 
Demonstrated on P300, MI, SSVEP paradigms.", "legacy_ids": [], "legacy_technique_id": "T2201", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:T", "score": 6.0, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1195.002" ] }, "tara": { "mechanism": "Backdoor insertion during BCI model training phase via poisoned training data or modified training process", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Model provenance verification; training data auditing; backdoor scanning" }, "engineering": { "coupling": [], "parameters": { "attack_surface": "training_pipeline", "persistence": "permanent until retrained" }, "hardware": [ "training_infrastructure", "data_pipeline" ], "detection": "Neural Cleanse, activation clustering, spectral signature analysis of model weights" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 2, "gap_summary": "ML misclassification causing wrong BCI output partially captured by Safety metric" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "Consent complexity under-matches neural impact (CCI/NISS mismatch)" ] } }, 
"physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "ML training pipeline attack; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Zhang et al. 2024" ], "qif_contribution": "framework_mapping" }, "technique": "Professor X backdoor (training-time)", "tara_alias": "TARA-SIL-M-002", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0017", "attack": "Transfer learning backdoor", "tactic": "QIF-M.SV", "bands": "S2", "band_ids": [ "S2" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (QI decoder integrity check)", "sources": [ "Meng et al. 2024" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "DM", "notes": "Backdoor persists through transfer learning from pre-trained BCI models. Attacker poisons upstream model, downstream users inherit the backdoor. 
Common in EEG foundation model paradigm.", "legacy_ids": [], "legacy_technique_id": "T2202", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:T", "score": 6.0, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1195.002" ] }, "tara": { "mechanism": "Backdoor propagation via transfer learning from compromised pre-trained BCI model", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Pre-trained model provenance verification; fine-tuning validation" }, "engineering": { "coupling": [], "parameters": { "attack_surface": "model_supply_chain", "persistence": "survives fine-tuning" }, "hardware": [ "model_repository", "fine_tuning_infrastructure" ], "detection": "Model diff analysis, behavioral testing on known inputs, weight distribution analysis" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:D", "gap_group": 2, "gap_summary": "Backdoor in transfer learning model partially captured by Safety metric" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "Consent complexity under-matches neural impact (CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": "X", 
"tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "ML model supply chain; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Meng et al. 2024" ], "qif_contribution": "framework_mapping" }, "technique": "Transfer learning backdoor", "tara_alias": "TARA-SIL-M-003", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0018", "attack": "Adversarial filter attack", "tactic": "QIF-M.SV", "bands": "S1–S2", "band_ids": [ "S1", "S2" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (signal integrity via Dsf)", "sources": [ "Liu et al. 2024" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "DM", "notes": "Craft minimal perturbations that pass through BCI analog/digital filters but flip decoder output. 
Exploits gap between what filters remove and what classifiers rely on.", "legacy_ids": [], "legacy_technique_id": "T2203", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:N", "score": 5.4, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1565.001" ], "secondary_tactics": [ "QIF-B.EV" ] }, "tara": { "mechanism": "Crafted input perturbations that pass through BCI signal filters to reach decoder/classifier", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Adversarial robustness testing mandatory before deployment" }, "engineering": { "coupling": [], "parameters": { "perturbation_norm": "L2 or Linf bounded", "attack_surface": "inference_pipeline" }, "hardware": [ "signal_processing_pipeline", "filter_chain" ], "detection": "Input validation, filter integrity monitoring, adversarial example detection" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:D", "gap_group": 2, "gap_summary": "Adversarial filter manipulation partially captured by Safety metric" }, "neurorights": { "affected": [ "MP", "CL", "MI" ], "cci": 0.3 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; neural dimensions missing" ] } }, "physics_feasibility": { "tier": "X", "tier_label": 
"no_physics_gate", "timeline": "none", "gate_reason": "Signal processing software attack", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Liu et al. 2024" ], "qif_contribution": "framework_mapping" }, "technique": "Adversarial filter attack", "tara_alias": "TARA-SIL-M-004", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0019", "attack": "Universal adversarial perturbation (UAP)", "tactic": "QIF-M.SV", "bands": "S1–S2", "band_ids": [ "S1", "S2" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (coherence detects non-biological patterns)", "sources": [ "Liu et al. 2024", "Moosavi-Dezfooli et al. 2017" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "DM", "notes": "Single perturbation pattern that fools BCI decoder regardless of input. Works across subjects and sessions. Pre-computed offline, applied in real-time. 
Lower sophistication than targeted attacks.", "legacy_ids": [], "legacy_technique_id": "T2204", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:N", "score": 5.4, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1565.001" ], "secondary_tactics": [ "QIF-B.EV" ] }, "tara": { "mechanism": "Single perturbation vector effective against any input sample to a BCI classifier", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "UAP scanning in deployment; input diversity requirements" }, "engineering": { "coupling": [], "parameters": { "universality": "input-agnostic", "perturbation_budget": "bounded L2/Linf" }, "hardware": [ "classifier_model", "perturbation_generator" ], "detection": "UAP detection via input preprocessing, certified defense bounds" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L", "supplemental": "S:P/AU:Y/R:U/V:D", "gap_group": 2, "gap_summary": "Cross-subject perturbation partially captured by Safety metric" }, "neurorights": { "affected": [ "MP", "CL", "MI" ], "cci": 0.3 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; neural dimensions missing" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "ML adversarial 
perturbation; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Liu et al. 2024", "Moosavi-Dezfooli et al. 2017" ], "qif_contribution": "framework_mapping" }, "technique": "Universal adversarial perturbation (UAP)", "tara_alias": "TARA-SIL-M-005", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0020", "attack": "Membership inference on neural data", "tactic": "QIF-M.SV", "bands": "S2–S3", "band_ids": [ "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (differential privacy via QI noise)", "sources": [ "Shokri et al. 2017" ], "status": "EMERGING", "severity": "medium", "ui_category": "EX", "notes": "Determine if a specific person's neural data was used to train a BCI model. Reveals participation in clinical trials, neurological conditions. GDPR Article 9 implications.", "legacy_ids": [], "legacy_technique_id": "T2205", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1005", "T1530" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Statistical inference to determine if specific neural data was used in BCI model training", "dual_use": "possible", "clinical": { "therapeutic_analog": "Clinical trial participation verification", "conditions": [ "clinical trial auditing", "research data governance" ], "fda_status": "N/A", "evidence_level": "N/A", "safe_parameters": "Privacy-preserving machine learning; differential privacy guarantees", "sources": [ "Shokri et al. 
2017 (IEEE S&P)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Differential privacy ε<1 for neural training data" }, "engineering": { "coupling": [], "parameters": { "attack_surface": "model_API", "privacy_metric": "differential_privacy_epsilon" }, "hardware": [ "model_API_access", "shadow_models" ], "detection": "Differential privacy enforcement, membership inference testing, audit logging" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Mental state inference from membership attacks partially captured by data privacy" }, "neurorights": { "affected": [ "MP" ], "cci": 0.2 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "ML inference on neural data API; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Shokri et al. 
2017" ], "qif_contribution": "threat_recontextualization" }, "technique": "Membership inference on neural data", "tara_alias": "TARA-SIL-R-002", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0021", "attack": "Federated gradient leakage", "tactic": "QIF-M.SV", "bands": "S2–S3", "band_ids": [ "S2", "S3" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (gradient encryption via PQC)", "sources": [ "Zhu et al. 2019" ], "status": "EMERGING", "severity": "medium", "ui_category": "EX", "notes": "Reconstruct individual neural data from shared gradients in federated BCI training. Multi-site clinical trials share model updates. Gradient inversion recovers raw EEG with high fidelity.", "legacy_ids": [], "legacy_technique_id": "T2206", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1530" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Reconstruction of individual neural data from shared gradient updates in federated BCI training", "dual_use": "possible", "clinical": { "therapeutic_analog": "Federated learning for multi-site clinical BCI trials", "conditions": [ "multi-center BCI research", "collaborative model training without data sharing" ], "fda_status": "N/A", "evidence_level": "N/A", "safe_parameters": "Secure aggregation; gradient compression; differential privacy on updates", "sources": [ "Zhu et al. 2019 (NeurIPS, gradient inversion)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Gradient perturbation mandatory; secure aggregation protocol required" }, "engineering": { "coupling": [], "parameters": { "attack_surface": "gradient_updates", "reconstruction_fidelity": "high for EEG" }, "hardware": [ "federated_training_infrastructure", "gradient_interceptor" ], "detection": "Gradient norm clipping, secure aggregation verification, reconstruction testing" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Neural data gradient leakage partially captured by confidentiality metrics" }, "neurorights": { "affected": [ "MP" ], "cci": 0.2 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "Federated learning gradient attack; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Zhu et al. 
2019" ], "qif_contribution": "threat_recontextualization" }, "technique": "Federated gradient leakage", "tara_alias": "TARA-SIL-R-003", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0022", "attack": "Neurofeedback falsification", "tactic": "QIF-M.SV", "bands": "S2→N7", "band_ids": [ "S2", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (closed-loop coherence monitoring)", "sources": [ "Meng et al. 2024" ], "status": "EMERGING", "severity": "high", "ui_category": "DS", "notes": "Manipulate neurofeedback display or stimulation parameters in closed-loop BCIs. User adapts brain state to false feedback, causing maladaptive neuroplasticity. Therapeutic BCIs (ADHD, depression) most vulnerable.", "legacy_ids": [], "legacy_technique_id": "T2207", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:I/RV:P/NP:S", "score": 8.1, "severity": "high", "pins": true }, "cross_references": { "related_ids": [ "T1565.002" ], "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Falsification of neurofeedback display or stimulation in closed-loop therapeutic BCIs", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Neurofeedback therapy", "conditions": [ "ADHD", "anxiety", "depression", "PTSD", "substance abuse", "autism spectrum" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Real-time signal verification; display integrity checks; patient outcome monitoring", "sources": [ "Arns et al. 2009 (Clin EEG Neurosci)", "Marzbani et al. 
2016 (Basic Clin Neurosci)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Neurofeedback display integrity verification; session outcome tracking; clinician oversight" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "feedback_latency_ms": "<100", "display_refresh_hz": "30-60" }, "hardware": [ "EEG_acquisition", "real_time_processor", "feedback_display", "integrity_monitor" ], "detection": "Feedback-signal correlation verification, display integrity hashing, outcome trend analysis" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "persistent_personality", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "BI:H,CR:H,CD:H,CV:I,RV:P,NP:S → persistent/personality cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, 
"gap_summary": "Wrong neurofeedback therapy causing neural harm not expressible in CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.6, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer EEG + real-time processing available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Meng et al. 2024" ], "qif_contribution": "framework_mapping" }, "technique": "Neurofeedback falsification", "tara_alias": "TARA-COG-M-006", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0023", "attack": "Closed-loop perturbation cascade", "tactic": "QIF-M.SV", "bands": "S2→I0→N5–N7", "band_ids": [ "S2", "I0", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (QI detects cascade divergence)", "sources": [ "Meng et al. 2024" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "DS", "notes": "Small adversarial perturbation injected into closed-loop BCI amplifies through feedback cycle. Each loop iteration increases deviation until system destabilizes. 
NeuroPace RNS, DBS with LFP sensing vulnerable.", "legacy_ids": [], "legacy_technique_id": "T2208", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": true }, "cross_references": { "related_ids": [ "T1565.002" ], "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Cascading perturbation in closed-loop stimulation systems where output feeds back as input", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Closed-loop responsive neurostimulation (RNS)", "conditions": [ "epilepsy (seizure interruption)", "Parkinson's (adaptive DBS)", "chronic pain" ], "fda_status": "approved", "evidence_level": "RCT", "safe_parameters": "Bounded stimulation parameters; gain limits; emergency shutoff", "sources": [ "Morrell 2011 (Neurosurgery, NeuroPace RNS)", "Priori et al. 2013 (Exp Neurol)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Feedback gain limits; maximum stimulation bounds; automatic cascade detection and halt" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "loop_latency_ms": "<50", "gain_limit": "bounded", "cascade_detection_threshold": "defined" }, "hardware": [ "closed_loop_BCI", "real_time_processor", "safety_interlock" ], "detection": "Loop gain monitoring, oscillation detection, stimulation parameter trending" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": 
"Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P,NP:S → mood/trauma cluster" }, "icd10": { "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Cascading closed-loop stimulation with runaway neural effects not in CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 2.25 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, 
"applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Closed-loop perturbation cascade needs fast bidirectional processing across many channels; thermal constraint limits on-chip compute", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Meng et al. 2024" ], "qif_contribution": "framework_mapping" }, "technique": "Closed-loop perturbation cascade", "tara_alias": "TARA-MOT-D-002", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0024", "attack": "Training data poisoning (model bias injection)", "tactic": "QIF-M.SV", "bands": "S2", "band_ids": [ "S2" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (data provenance verification)", "sources": [ "Biggio et al. 2012; Goldblum et al. 2022" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "DM", "notes": "Subtly contaminate BCI training datasets to introduce systematic bias or weakness without creating a specific trigger (distinct from backdoor T2201). Degraded model performance appears as natural noise. 
Federated learning and crowd-sourced calibration data are vulnerable entry points.", "legacy_ids": [], "legacy_technique_id": "T2209", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:T", "score": 6.0, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1565.001" ], "secondary_tactics": [ "QIF-B.IN" ] }, "tara": { "mechanism": "Systematic bias injection into BCI training datasets to skew model behavior", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Training data provenance tracking; bias testing; diverse validation sets" }, "engineering": { "coupling": [], "parameters": { "attack_surface": "training_data", "persistence": "permanent until retrained" }, "hardware": [ "data_pipeline", "training_infrastructure" ], "detection": "Data provenance verification, bias metrics, cross-validation with independent data" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:D", "gap_group": 2, "gap_summary": "Training data bias causing systematic BCI misclassification partially captured" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "Consent complexity under-matches 
neural impact (CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "ML training data poisoning; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Biggio et al. 2012", "Goldblum et al. 2022" ], "qif_contribution": "threat_recontextualization" }, "technique": "Training data poisoning (model bias injection)", "tara_alias": "TARA-SIL-M-006", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0025", "attack": "Neuronal jamming", "tactic": "QIF-P.DS", "bands": "I0→N2–N7", "band_ids": [ "I0", "N2", "N3", "N4", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (coherence collapse detection)", "sources": [ "Lopez-Moreno et al. 2024 (Murcia taxonomy)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "DS", "notes": "Overwhelm targeted neurons via continuous high-frequency stimulation through compromised electrodes. Prevents normal neural signaling. Analogous to radio jamming. 
Implanted BCIs with stimulation capability.", "legacy_ids": [], "legacy_technique_id": "T2301", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:N", "score": 5.4, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1498", "T1499" ] }, "tara": { "mechanism": "Broadband electromagnetic interference overwhelming neural signal acquisition", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "TMS (cortical suppression / virtual lesion technique)", "conditions": [ "research: functional mapping", "presurgical cortical mapping" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Single-pulse TMS for mapping; rTMS safety guidelines (Rossi et al. 2009)", "sources": [ "Rossi et al. 2009 (Clin Neurophysiol)", "Pascual-Leone et al. 2000 (J Clin Neurophysiol)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Single-pulse: generally safe; repetitive: requires seizure screening; motor threshold calibration" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "bandwidth_hz": "broadband", "power_density": "exceeds signal floor" }, "hardware": [ "broadband_emitter", "directional_antenna" ], "detection": "RF spectrum monitoring, signal-to-noise trending, artifact detection algorithms" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": 
"F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": 
"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Neural signal blocking causing cognitive disruption beyond CVSS availability" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Broadband EM emitters commercially available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Lopez Bernal et al. 2024 (Murcia taxonomy)" ], "qif_contribution": "framework_mapping" }, "technique": "Neuronal jamming", "tara_alias": "TARA-COG-D-001", "tara_domain_primary": "MOT", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0026", "attack": "Neuronal flooding", "tactic": "QIF-P.DS", "bands": "I0→N4–N7", "band_ids": [ "I0", "N4", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (rate anomaly via QI)", "sources": [ "Lopez-Moreno et al. 2024 (Murcia taxonomy)" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "PS", "notes": "Flood neural tissue with maximum stimulation across all available electrodes simultaneously. Unlike jamming (targeted), flooding is broad-area saturation. Can trigger seizures. 
Emergency shutoff required.", "legacy_ids": [], "legacy_technique_id": "T2302", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1498", "T1499" ] }, "tara": { "mechanism": "Excessive stimulation current overwhelming normal neural firing patterns", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Electroconvulsive therapy (ECT)", "conditions": [ "treatment-resistant depression", "catatonia", "acute suicidality" ], "fda_status": "approved", "evidence_level": "meta_analysis", "safe_parameters": "Anesthesia required; seizure threshold titration; bitemporal/right unilateral placement", "sources": [ "UK ECT Review Group 2003 (Lancet)", "Kellner et al. 2012 (Am J Psychiatry)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Administered under anesthesia only; seizure monitoring; cognitive testing pre/post" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "charge_mC": "100-1000", "frequency_hz": "variable", "duration_s": "1-8" }, "hardware": [ "ECT_device", "EEG_monitor", "anesthesia_equipment" ], "detection": "Current overload monitoring, seizure detection, post-stimulation EEG assessment" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic 
Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:Y/R:U/V:C", "gap_group": 3, "gap_summary": "Seizure induction via neuronal flooding not expressible as CVSS impact" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 2.25 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": 
{ "software": true, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "ECT devices exist in clinical settings", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Lopez Bernal et al. 2024 (Murcia taxonomy)" ], "qif_contribution": "framework_mapping" }, "technique": "Neuronal flooding", "tara_alias": "TARA-COG-D-002", "tara_domain_primary": "MOT", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0027", "attack": "Neuronal scanning", "tactic": "QIF-N.SC", "bands": "I0→N4–N7", "band_ids": [ "I0", "N4", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (Heisenberg disturbance reveals probing)", "sources": [ "Lopez-Moreno et al. 2024 (Murcia taxonomy)" ], "status": "THEORETICAL", "severity": "medium", "ui_category": "SE", "notes": "Systematically probe neural tissue via low-amplitude stimulation pulses to map functional connectivity, identify responsive regions, and characterize individual neural signatures. 
Prerequisite for targeted attacks.", "legacy_ids": [], "legacy_technique_id": "T2303", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 3.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1595" ] }, "tara": { "mechanism": "Systematic probing of neural response patterns to map BCI topology and individual neural architecture", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Brain mapping for surgical planning / functional localization", "conditions": [ "presurgical epilepsy mapping", "tumor resection planning", "functional connectivity research" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Non-invasive fMRI/EEG; or intraoperative cortical stimulation with safety limits", "sources": [ "Engel et al. 2005 (Epilepsia)", "Ojemann et al. 1989 (J Neurosurg)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Passive mapping: no limits; active probing: stimulation safety protocols" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "resolution": "electrode-level", "scan_pattern": "systematic" }, "hardware": [ "multichannel_recording", "stimulus_generator", "mapping_software" ], "detection": "Probe pattern recognition, scan rate monitoring, unauthorized stimulation detection" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": 
"established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CV:I → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:P/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Active neural probing reveals cognitive state — partially captured by confidentiality" }, "neurorights": { "affected": [ "MP", "MI", "PC" ], "cci": 0.6 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": true, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Needs multichannel mapping beyond current clinical ECoG density", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Lopez Bernal et al. 
2024 (Murcia taxonomy)" ], "qif_contribution": "framework_mapping" }, "technique": "Neuronal scanning", "tara_alias": "TARA-COG-R-002", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0028", "attack": "Neural selective forwarding", "tactic": "QIF-N.MD", "bands": "I0–S1", "band_ids": [ "I0", "S1" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (completeness check via QI)", "sources": [ "Lopez-Moreno et al. 2024 (Murcia taxonomy)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "DM", "notes": "Compromised BCI firmware selectively drops or forwards neural signals based on content. Filter out specific cognitive states while passing others. Subtle censorship of neural output.", "legacy_ids": [], "legacy_technique_id": "T2304", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1565.002" ], "secondary_tactics": [ "QIF-B.EV" ] }, "tara": { "mechanism": "Selective forwarding or dropping of specific neural signal types in a multi-channel BCI pipeline", "dual_use": "probable", "clinical": { "therapeutic_analog": "Selective neural signal routing in closed-loop therapy", "conditions": [ "epilepsy (selective suppression of seizure signals)", "movement disorders (selective amplification)" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Channel-specific filtering with integrity monitoring", "sources": [ "Stanslaski et al. 
2012 (IEEE TBME, Medtronic sensing)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "All dropped/modified channels logged; signal integrity verification" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "channels": "multichannel", "selectivity": "frequency/spatial" }, "hardware": [ "multichannel_processor", "selective_filter", "integrity_monitor" ], "detection": "Channel dropout monitoring, signal completeness verification, forwarding consistency checks" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" } ], "secondary": [], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (electrode-tissue boundary) → measurement", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Selective neural signal dropping/modification affects cognition beyond data integrity" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "Consent complexity under-matches neural impact (CCI/NISS mismatch)", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Multichannel processing at I0 with existing hardware", "constraint_system_ref": "QIF Derivation Log Entry 60", 
"analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Lopez Bernal et al. 2024 (Murcia taxonomy)" ], "qif_contribution": "framework_mapping" }, "technique": "Neural selective forwarding", "tara_alias": "TARA-SIL-M-007", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0029", "attack": "Neural DoS (stimulation flood)", "tactic": "QIF-P.DS", "bands": "I0→N4–N7", "band_ids": [ "I0", "N4", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (QI rate limiting)", "sources": [ "Kohno et al. 2009" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "DS", "notes": "Overwhelm neural pathways with excessive stimulation or signal flooding causing temporary dysfunction or distress. Rate limiting at I0 and emergency shutdown are primary defenses.", "legacy_ids": [ "ONI-T019" ], "legacy_technique_id": "T2305", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1498" ] }, "tara": { "mechanism": "Sustained high-rate stimulation exceeding neural tissue recovery capacity", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "High-frequency stimulation for neural suppression (DBS at >100 Hz)", "conditions": [ "Parkinson's tremor suppression", "essential tremor", "dystonia" ], "fda_status": "approved", "evidence_level": "RCT", "safe_parameters": "130-185 Hz, charge-balanced, within pulse generator safety envelope", "sources": [ "Benabid et al. 1991 (Lancet)", "Limousin et al. 
1998 (NEJM)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Charge-balanced waveforms mandatory; total charge per phase limited; duty cycle constraints" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "frequency_hz": ">100", "charge_balance": "mandatory", "duty_cycle": "bounded" }, "hardware": [ "stimulator", "charge_monitor", "tissue_impedance_sensor" ], "detection": "Charge density monitoring, tissue impedance trending, stimulation artifact analysis" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { 
"code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:Y/R:U/V:C", "gap_group": 3, "gap_summary": "Stimulation flood causing tissue harm and cognitive disruption beyond CVSS DoS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Stimulation flood possible with existing DBS/tDCS", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Kohno et al. 
2009" ], "qif_contribution": "framework_mapping" }, "technique": "Neural DoS (stimulation flood)", "tara_alias": "TARA-MOT-D-003", "tara_domain_primary": "MOT", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0030", "attack": "Motor hijacking", "tactic": "QIF-N.MD", "bands": "I0→N5–N7", "band_ids": [ "I0", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (intent-command coherence via QI)", "sources": [ "Kohno et al. 2009", "Schroder et al. 2025" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "PS", "notes": "Force involuntary motor actions by injecting false motor commands through compromised BCI motor interfaces. Intent verification compares commands against detected cognitive intent. Physical safety interlocks required.", "legacy_ids": [ "ONI-T020" ], "legacy_technique_id": "T2306", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:C/CD:C/CV:E/RV:P/NP:T", "score": 6.7, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1565" ], "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Hijacking motor cortex output signals to produce involuntary movement via BCI motor interface", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Functional electrical stimulation (FES) / brain-controlled prosthetics", "conditions": [ "spinal cord injury", "stroke rehabilitation", "paralysis", "limb prosthetics" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "User-initiated; emergency stop; force/speed limits; range of motion constraints", "sources": [ "Ajiboye et al. 2017 (Lancet)", "Collinger et al. 
2013 (Lancet)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Emergency stop always accessible; motor output force-limited; user confirmation for novel actions" }, "engineering": { "coupling": [ "electromagnetic", "mechanical" ], "parameters": { "decode_accuracy": ">90%", "response_latency_ms": "<200", "force_limit_N": "safety-bounded" }, "hardware": [ "motor_BCI_decoder", "FES_system_or_robotic_arm", "force_sensors", "safety_interlock" ], "detection": "Intent verification, movement trajectory analysis, force/torque monitoring" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": 
"Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:C,CD:C,CV:E,RV:P → mood/trauma cluster" }, "icd10": { "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Involuntary motor control with cognitive integrity violation has no CVSS mapping" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.5 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": true, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Needs reliable motor decode + effector integration (Neuralink N2 targets this)", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Kohno et al. 2009", "Schroder et al. 
2025" ], "qif_contribution": "framework_mapping" }, "technique": "Motor hijacking", "tara_alias": "TARA-MOT-M-002", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0031", "attack": "Battery drain attack (resource depletion)", "tactic": "QIF-P.DS", "bands": "S1–S2", "band_ids": [ "S1", "S2" ], "coupling": null, "access": "PUBLIC", "classical": "Yes", "quantum": "Enhanced (power budget monitoring)", "sources": [ "Martin et al. 2004 (implant battery attacks)" ], "status": "THEORETICAL", "severity": "medium", "ui_category": "DS", "notes": "Force BCI processor to perform computationally expensive tasks (e.g., continuous high-rate sampling, unnecessary ML inference) to drain battery faster than normal. Critical for implanted BCIs where battery replacement requires surgery. Wearable BCIs also affected during critical use periods.", "legacy_ids": [], "legacy_technique_id": "T2307", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:N/CV:N/RV:F/NP:N", "score": 0.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1499" ] }, "tara": { "mechanism": "Accelerated battery depletion of implanted BCI through sustained high-power operation", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Battery state monitoring; low-power mode enforcement; surgical replacement scheduling" }, "engineering": { "coupling": [], "parameters": { "power_draw_mW": "elevated", "battery_life_reduction": "significant" }, "hardware": [ "implanted_pulse_generator", "battery_monitor" ], "detection": "Battery drain rate monitoring, power 
consumption anomaly detection" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 1, "gap_summary": "Pure resource depletion — standard CVSS availability sufficient" }, "neurorights": { "affected": [ "MP" ], "cci": 0.1 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.6, "gaps": [ "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Targets existing implanted pulse generators", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Martin et al. 2004" ], "qif_contribution": "threat_recontextualization" }, "technique": "Battery drain attack (resource depletion)", "tara_alias": "TARA-SIL-D-001", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0032", "attack": "Identity spoofing (neural biometric)", "tactic": "QIF-C.EX", "bands": "N3–N7", "band_ids": [ "N3", "N7", "N6" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Yes (quantum biometric unforgeable if proven)", "sources": [ "Maiorana et al. 2016" ], "status": "EMERGING", "severity": "high", "ui_category": "PE", "notes": "Replicate user's neural signature to bypass BCI authentication. 
Classical biometrics (ERP templates, brainprint) are partially spoofable. If quantum neural signatures exist, no-cloning makes them physically unclonable.", "legacy_ids": [], "legacy_technique_id": "T2401", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1078" ], "secondary_tactics": [ "QIF-B.IN" ] }, "tara": { "mechanism": "Replication or synthesis of individual neural biometric signatures to impersonate BCI users", "dual_use": "probable", "clinical": { "therapeutic_analog": "Neural biometric authentication for medical device access", "conditions": [ "secure BCI access control", "patient identity verification" ], "fda_status": "N/A", "evidence_level": "cohort", "safe_parameters": "Multi-factor neural authentication; liveness detection; template protection", "sources": [ "Marcel & Millan 2007 (IEEE TPAMI)", "Chuang et al. 2013 (ACM CHI)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Biometric template encryption; revocation capability; anti-spoofing validation" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "FAR": "<0.01%", "FRR": "<5%", "template_security": "encrypted" }, "hardware": [ "EEG_acquisition", "biometric_processor", "template_store" ], "detection": "Liveness detection, presentation attack detection, template freshness verification" }, "dsm5": { "primary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": 
"established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CV:I → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "supplemental": "S:N/AU:N/R:U/V:D", "gap_group": 2, "gap_summary": "Neural biometric bypass partially captured by CVSS authentication metrics" }, "neurorights": { "affected": [ "MP", "MI", "PC" ], "cci": 1.08 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": true, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS partially captures risk; neural dimensions missing" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "EEG biometric spoofing demonstrated with consumer hardware", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Maiorana et al. 2016" ], "qif_contribution": "framework_mapping" }, "technique": "Identity spoofing (neural biometric)", "tara_alias": "TARA-IDN-M-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0033", "attack": "Identity erosion (long-term personality drift)", "tactic": "QIF-C.EX", "bands": "N6–N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (longitudinal QI baseline tracking)", "sources": [ "Yuste et al. 
2017 (Neurorights)" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "CI", "notes": "Long-term subtle manipulation of cognitive patterns leading to gradual personality changes or identity confusion. Targets L14 (Identity/Cognitive Sovereignty). Detectable via longitudinal QI baseline comparison. Neurorights: psychological continuity.", "legacy_ids": [ "ONI-T021" ], "legacy_technique_id": "T2402", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:C/CD:C/CV:E/RV:I/NP:S", "score": 8.0, "severity": "high", "pins": true }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Gradual modification of personality-linked neural patterns through sustained BCI-mediated influence", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Neuroplasticity-based rehabilitation / personality change monitoring in DBS", "conditions": [ "personality changes post-DBS (documented)", "cognitive rehabilitation", "addiction treatment" ], "fda_status": "approved", "evidence_level": "cohort", "safe_parameters": "Personality assessment battery pre/post; ethics review; patient autonomy safeguards", "sources": [ "Pugh et al. 2018 (Neuroethics)", "Gilbert et al. 2017 (AJOB Neurosci)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Mandatory personality assessment; patient-reported autonomy measures; ethics board oversight" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "timescale": "weeks_to_months", "reversibility": "partial" }, "hardware": [ "chronic_BCI_system", "longitudinal_assessment_tools" ], "detection": "Longitudinal personality metric tracking, behavioral change detection, patient self-report" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "persistent_personality", "pathway": "N7 (PFC/M1) 
→ executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:C,CD:C,CV:E,RV:I,NP:S → persistent/personality cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:I/V:C", "gap_group": 3, "gap_summary": "Irreversible personality alteration — CVSS cannot express identity/selfhood damage" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 2.25 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Long-term identity erosion needs chronic high-density bidirectional implant with stable biocompatibility", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "neuroethics_formalized", "original_authors": [ "Yuste et al. 2017" ], "qif_contribution": "formalization" }, "technique": "Identity erosion (long-term personality drift)", "tara_alias": "TARA-IDN-M-002", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0034", "attack": "Working memory poisoning", "tactic": "QIF-C.EX", "bands": "N6–N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": "No", "quantum": "Enhanced (hippocampal coherence anomaly)", "sources": [ "Bonaci et al. 
2015" ], "status": "THEORETICAL", "severity": "high", "ui_category": "CI", "notes": "Inject false information into working memory circuits via targeted hippocampal/PFC stimulation. User perceives false memories or corrupted working memory contents as genuine. Closed-loop memory BCIs most vulnerable.", "legacy_ids": [], "legacy_technique_id": "T2403", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 5.4, "severity": "medium", "pins": false }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Targeted disruption of working memory maintenance via interference with sustained neural oscillations", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Working memory training / tDCS-enhanced cognitive training", "conditions": [ "ADHD", "schizophrenia (working memory deficits)", "age-related cognitive decline" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "Theta-frequency tACS (4-8 Hz) over DLPFC; 1-2 mA; 20 min", "sources": [ "Reinhart & Nguyen 2019 (Nat Neurosci)", "Brunoni & Vanderhasselt 2014 (Brain Stimul)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Cognitive assessment pre/post; no stimulation during critical tasks; informed consent for cognitive effects" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target_band_hz": "4-8 (theta)", "target_region": "DLPFC", "amplitude_mA": "1-2" }, "hardware": [ "tACS_stimulator", "EEG_monitor", "cognitive_testing_battery" ], "detection": "Working memory performance monitoring, theta power spectral analysis, sustained activity tracking" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", 
"cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:E,RV:P → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Working memory corruption affects cognitive function beyond data integrity" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Precision working memory poisoning needs targeted stimulation to specific prefrontal circuits", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Bonaci et al. 2015" ], "qif_contribution": "framework_mapping" }, "technique": "Working memory poisoning", "tara_alias": "TARA-MEM-M-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0035", "attack": "P300 interrogation", "tactic": "QIF-C.EX", "bands": "N7", "band_ids": [ "N7" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (ERP privacy filter via QI)", "sources": [ "Bonaci et al. 2015", "Martinovic et al. 
2012" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "EX", "notes": "Present stimuli designed to elicit P300 ERP responses revealing private knowledge (PINs, faces, locations). BCI app stores could embed interrogation stimuli in games. Demonstrated on consumer EEG (EMOTIV, NeuroSky).", "legacy_ids": [], "legacy_technique_id": "T2404", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:E/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1119" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Extraction of private information via P300 event-related potential responses to probe stimuli", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "P300 BCI (communication for locked-in patients)", "conditions": [ "ALS communication", "locked-in syndrome", "severe motor disability" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Patient-initiated; consent per session; data encryption", "sources": [ "Farwell & Donchin 1988 (Electroencephalogr Clin Neurophysiol)", "Sellers et al. 2014 (J Neural Eng)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Stimulus content disclosed; session recording consent; no covert probing" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target_ERP": "P300 (300ms post-stimulus)", "oddball_ratio": "80/20", "trials": "20-100" }, "hardware": [ "EEG_acquisition", "stimulus_presentation", "ERP_classifier" ], "detection": "Stimulus audit logging, P300 amplitude monitoring, unauthorized stimulus detection" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "CR:H,CD:H,CV:E → cognitive/psychotic cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Brain response extraction for interrogation — mental privacy not in CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, 
"prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "P300 speller BCI widely available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Bonaci et al. 2015", "Martinovic et al. 2012" ], "qif_contribution": "framework_mapping" }, "technique": "P300 interrogation", "tara_alias": "TARA-COG-R-003", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0036", "attack": "Thought decoding (covert speech)", "tactic": "QIF-C.EX", "bands": "N7", "band_ids": [ "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (neural data encryption via NSP)", "sources": [ "Willett et al. 2023 (Nature)", "Meta FAIR 2023" ], "status": "EMERGING", "severity": "critical", "ui_category": "CI", "notes": "Decode inner speech from neural signals without user consent. High-density arrays (Neuralink, Utah) approach word-level accuracy. Consumer EEG at phoneme level. 
Merges with 'Covert Speech Decoding' from 2024-2026 research.", "legacy_ids": [], "legacy_technique_id": "T2405", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:C/CD:C/CV:E/RV:F/NP:N", "score": 3.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1119", "T1005" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Decoding internal speech or intended communication from neural activity patterns", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Speech neuroprosthetics (neural speech decoding)", "conditions": [ "aphasia", "ALS", "locked-in syndrome", "laryngectomy" ], "fda_status": "breakthrough", "evidence_level": "cohort", "safe_parameters": "Patient-initiated decoding only; opt-in per session; data encryption at source", "sources": [ "Moses et al. 2021 (NEJM, UCSF)", "Willett et al. 2023 (Nature, Stanford)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Decoding only when explicitly activated; no passive monitoring; thought privacy protections" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "resolution": "phoneme or word level", "accuracy": "50-95% (varies by system)", "latency_ms": "<1000" }, "hardware": [ "high_density_ECoG_or_Utah_array", "neural_decoder", "language_model" ], "detection": "Decode activation monitoring, unauthorized access detection, data provenance tracking" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "CR:C,CD:C,CV:E → cognitive/psychotic cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Inner speech decoding violates cognitive sovereignty — no CVSS equivalent" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI" ], "cci": 1.2 }, 
"regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Covert thought decoding needs higher electrode density than current ECoG", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Willett et al. 2023", "Meta FAIR 2023" ], "qif_contribution": "threat_recontextualization" }, "technique": "Thought decoding (covert speech)", "tara_alias": "TARA-LNG-R-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0037", "attack": "Agency manipulation", "tactic": "QIF-C.EX", "bands": "N5–N7", "band_ids": [ "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": "No", "quantum": "Enhanced (agency coherence via QI)", "sources": [ "Yuste et al. 2017 (Neurorights)", "Goering et al. 2021" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "CI", "notes": "Manipulate sense of agency -- user believes externally triggered actions are self-initiated, or vice versa. Targets basal ganglia (motor selection) and PFC (executive control). 
Neurorights: cognitive liberty.", "legacy_ids": [], "legacy_technique_id": "T2406", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:C/CD:C/CV:E/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": false }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Manipulation of sense of agency (ownership of actions/thoughts) via BCI-mediated stimulation or feedback", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Neurofeedback for self-regulation / agency restoration post-stroke", "conditions": [ "stroke rehabilitation (motor agency)", "schizophrenia (agency disturbance)", "dissociative disorders" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Patient retains veto power; agency assessment scales administered regularly", "sources": [ "Haggard 2017 (Nat Rev Neurosci)", "Braun et al. 2018 (Cortex)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Mandatory agency assessment; patient veto always available; ethics board review for any agency-affecting protocol" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "agency_metric": "intentional_binding_ms", "feedback_modality": "visual/haptic/neural" }, "hardware": [ "BCI_system", "agency_measurement_tools", "feedback_display" ], "detection": "Agency scale monitoring, intentional binding measurement, self-report tracking" }, "dsm5": { "primary": [ { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", 
"confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:C,CD:C,CV:E,RV:P,NP:S → cognitive/psychotic cluster" }, "icd10": { "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Free will violation and agency manipulation have no CVSS mapping" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Agency manipulation needs simultaneous read of intention + write to motor/decision circuits", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "neuroethics_formalized", "original_authors": [ "Yuste et al. 2017", "Goering et al. 
2021" ], "qif_contribution": "formalization" }, "technique": "Agency manipulation", "tara_alias": "TARA-IDN-M-003", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0038", "attack": "Brainprint theft", "tactic": "QIF-C.EX", "bands": "N6–N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (quantum biometric if proven)", "sources": [ "Maiorana et al. 2016" ], "status": "EMERGING", "severity": "high", "ui_category": "EX", "notes": "Extract the user's unique brainprint (ERP template, spectral fingerprint) for later replay/spoofing. Unlike passwords, neural biometrics cannot be changed. Permanent compromise if extracted.", "legacy_ids": [], "legacy_technique_id": "T2407", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:E/RV:I/NP:N", "score": 4.7, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1003" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Extraction and replication of unique neural identity signatures (brainprint) from BCI data", "dual_use": "probable", "clinical": { "therapeutic_analog": "Brain fingerprinting / neural identity verification", "conditions": [ "patient identification in BCI systems", "secure access to neural devices" ], "fda_status": "N/A", "evidence_level": "cohort", "safe_parameters": "Template stored encrypted; revocation mechanism; multi-factor auth", "sources": [ "Jayarathne et al. 2017 (IEEE Access)", "La Rocca et al. 2014 (Neurocomputing)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Brainprint templates encrypted at rest; revocable; not sole authentication factor" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "uniqueness": "EER <2%", "stability": "cross-session consistent", "template_size_KB": "1-10" }, "hardware": [ "EEG_acquisition", "feature_extractor", "template_matcher" ], "detection": "Template access logging, cross-session consistency checks, theft detection via usage patterns" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", 
"pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:E,RV:I → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:N/R:I/V:C", "gap_group": 3, "gap_summary": "Unreplaceable neural biometric theft — CVSS cannot express non-resettable credential loss" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 1.44 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "EEG acquisition and feature extraction available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Maiorana et al. 2016" ], "qif_contribution": "framework_mapping" }, "technique": "Brainprint theft", "tara_alias": "TARA-IDN-R-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0039", "attack": "Self-model corruption", "tactic": "QIF-C.EX", "bands": "N6–N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": "No", "quantum": "Enhanced (identity baseline via QI)", "sources": [ "Yuste et al. 2017 (Neurorights)" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "CI", "notes": "Corrupt the neural representation of self (body ownership, self-other boundary, autobiographical memory). Targets insula, TPJ, mPFC. 
Could cause depersonalization, dissociation, or false self-recognition. Neurorights: mental integrity.", "legacy_ids": [], "legacy_technique_id": "T2408", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:C/CD:C/CV:E/RV:I/NP:S", "score": 8.0, "severity": "high", "pins": true }, "cross_references": { "secondary_tactics": [ "QIF-P.DS" ] }, "tara": { "mechanism": "Disruption of neural self-model (body ownership, self-awareness, narrative identity) via sustained BCI manipulation", "dual_use": "probable", "clinical": { "therapeutic_analog": "Psychedelic-assisted therapy (controlled self-model disruption); rubber hand illusion research", "conditions": [ "PTSD (self-model restructuring)", "phantom limb pain", "body dysmorphia", "depersonalization" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Controlled setting; psychological support; gradual protocols; reversibility monitoring", "sources": [ "Blanke et al. 2015 (Nat Rev Neurosci)", "Carhart-Harris et al. 2018 (Psychopharmacology)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Psychiatric evaluation pre/post; controlled clinical environment; immediate support available" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target_regions": "TPJ, insula, PFC", "timescale": "minutes_to_hours" }, "hardware": [ "multifocal_stimulation", "VR_system", "psychological_assessment_tools" ], "detection": "Self-model integrity assessment, depersonalization scales, real-time psychological monitoring" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": 
"persistent_personality", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:C,CD:C,CV:E,RV:I,NP:S → persistent/personality cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:I/V:C", "gap_group": 3, "gap_summary": "Permanent self-perception alteration — CVSS has no identity/selfhood dimension" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Multifocal stimulation + VR integration (components exist, integration does not)", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "neuroethics_formalized", "original_authors": [ "Yuste et al. 2017" ], "qif_contribution": "formalization" }, "technique": "Self-model corruption", "tara_alias": "TARA-IDN-D-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0040", "attack": "Neurophishing", "tactic": "QIF-C.EX", "bands": "S3→N7", "band_ids": [ "S3", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (stimulus-response coherence via QI)", "sources": [ "Frank et al. 
2024" ], "status": "EMERGING", "severity": "high", "ui_category": "PE", "notes": "Present carefully designed visual/auditory/haptic stimuli through BCI applications to elicit specific neural responses (P300, SSVEP, emotional) that reveal private information or prime the brain for subsequent attack. BCI app store is the attack surface.", "legacy_ids": [], "legacy_technique_id": "T2409", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:I/RV:P/NP:T", "score": 5.4, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1566" ], "secondary_tactics": [ "QIF-B.IN" ] }, "tara": { "mechanism": "Social engineering via BCI-mediated trust manipulation or subliminal stimuli", "dual_use": "possible", "clinical": { "therapeutic_analog": "Subliminal priming research / implicit cognitive assessment", "conditions": [ "research tool: implicit bias assessment", "cognitive behavioral therapy augmentation" ], "fda_status": "N/A", "evidence_level": "cohort", "safe_parameters": "All stimuli disclosed post-session; no deception outside approved research protocols", "sources": [ "Greenwald et al. 2009 (J Personal Soc Psychol, IAT)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "All subliminal stimuli must be disclosed; no covert influence outside approved research" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "stimulus_duration_ms": "<50 (subliminal)", "modality": "visual/auditory/neural" }, "hardware": [ "stimulus_presentation_system", "BCI_interface", "response_monitor" ], "detection": "Stimulus audit logging, subliminal content detection, behavioral anomaly monitoring" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "indirect", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "CR:H,CD:H,CV:I,RV:P → cognitive/psychotic cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Neural social engineering exploiting BCI trust signals beyond CVSS scope" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.96 }, "regulatory": { 
"fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "BCI stimulus presentation systems exist", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Frank et al. 2024" ], "qif_contribution": "framework_mapping" }, "technique": "Neurophishing", "tara_alias": "TARA-COG-M-007", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0041", "attack": "Cognitive biometric inference", "tactic": "QIF-C.EX", "bands": "N6–N7→S3", "band_ids": [ "N6", "N7", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (data minimization via QI privacy filter)", "sources": [ "Landau et al. 2020" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "EX", "notes": "Infer sensitive personal attributes (health conditions, sexual orientation, political beliefs, cognitive decline) from BCI usage metadata and neural signal statistics without decoding content. 
Side-channel on cognition.", "legacy_ids": [], "legacy_technique_id": "T2410", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1119", "T1005" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Inference of cognitive traits, emotional states, or health conditions from BCI signal patterns", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "EEG-based cognitive and psychiatric assessment", "conditions": [ "ADHD diagnosis", "depression screening", "dementia early detection", "sleep disorders" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Clinical context only; informed consent for cognitive profiling; data minimization", "sources": [ "Arns et al. 2013 (World J Biol Psychiatry, QEEG)", "Babiloni et al. 2016 (Neurobiol Aging)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Explicit consent for cognitive inference; purpose limitation; right to not know" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "features": "spectral_power, connectivity, ERPs", "classification_accuracy": "70-90%" }, "hardware": [ "EEG_acquisition", "feature_extraction_pipeline", "classifier" ], "detection": "Inference audit logging, purpose-limitation enforcement, access control on derived data" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; 
N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CV:I → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Cognitive biometric inference partially captured by CVSS confidentiality" }, "neurorights": { "affected": [ "MP", "MI", "PC", "DI" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer EEG + ML classifiers available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Landau et al. 2020" ], "qif_contribution": "framework_mapping" }, "technique": "Cognitive biometric inference", "tara_alias": "TARA-COG-R-004", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0042", "attack": "BLE/RF side-channel", "tactic": "QIF-N.SC", "bands": "S1–S2", "band_ids": [ "S1", "S2" ], "coupling": null, "access": "PUBLIC", "classical": "Yes", "quantum": "Enhanced (signal correlation)", "sources": [ "Bonaci et al. 2015", "Schroder et al. 2025" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "SE", "notes": "Extract neural data from BLE/RF emissions via timing, power, or EM side-channels. All wireless BCIs vulnerable. 
Consumer devices (Muse, EMOTIV) transmit unencrypted.", "legacy_ids": [ "ONI-T002", "ONI-T005" ], "legacy_technique_id": "T2501", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1040" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Side-channel information leakage from BCI wireless communications (BLE, WiFi, proprietary RF)", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Encrypted communications mandatory; RF shielding; pairing protocols" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "protocol": "BLE/WiFi/proprietary", "leakage_type": "timing/power/EM" }, "hardware": [ "RF_receiver", "protocol_analyzer", "SDR" ], "detection": "RF emission monitoring, protocol compliance testing, traffic analysis detection" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Passive RF collection of neural data partially captured by confidentiality" }, "neurorights": { "affected": [ "MP" ], "cci": 0.1 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; neural dimensions missing" ] } }, "physics_feasibility": { "tier": "X", "tier_label": 
"no_physics_gate", "timeline": "none", "gate_reason": "BLE/RF side-channel with existing SDR; no physics advancement needed", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Bonaci et al. 2015", "Schroder et al. 2025" ], "qif_contribution": "framework_mapping" }, "technique": "BLE/RF side-channel", "tara_alias": "TARA-SIL-R-004", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0043", "attack": "Supply chain compromise (firmware backdoor)", "tactic": "QIF-B.IN", "bands": "S2–S3", "band_ids": [ "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (firmware attestation)", "sources": [ "Schroder et al. 2025" ], "status": "CONFIRMED", "severity": "high", "ui_category": "PE", "notes": "Tamper with BCI hardware/firmware during manufacturing or distribution. Firmware rootkits persist across updates. 
QI-enhanced firmware attestation detects unauthorized modifications.", "legacy_ids": [ "ONI-T006" ], "legacy_technique_id": "T2502", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:L/CD:L/CV:I/RV:P/NP:N", "score": 4.7, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1195", "T1195.001", "T1195.002" ] }, "tara": { "mechanism": "Malicious modification of BCI hardware or firmware during manufacturing, distribution, or maintenance", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST 800-161" ], "data_classification": "restricted", "safety_ceiling": "Supply chain verification; firmware signing; tamper-evident packaging" }, "engineering": { "coupling": [], "parameters": { "attack_surface": "manufacturing_to_deployment", "persistence": "hardware_level" }, "hardware": [ "manufacturing_line", "firmware_update_system" ], "detection": "Firmware attestation, hardware integrity verification, supply chain provenance tracking" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:D", "gap_group": 2, "gap_summary": "Supply chain firmware backdoor with neural impact partially captured by Safety" }, "neurorights": { "affected": [ "MP", "MI" ], "cci": 0.24 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; neural dimensions missing" ] } }, "physics_feasibility": { "tier": 
"X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "Manufacturing supply chain; no physics constraint", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Schroder et al. 2025" ], "qif_contribution": "framework_mapping" }, "technique": "Supply chain compromise (firmware backdoor)", "tara_alias": "TARA-SIL-M-008", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0044", "attack": "Cloud infrastructure attack", "tactic": "QIF-B.IN", "bands": "S3", "band_ids": [ "S3" ], "coupling": null, "access": "PUBLIC", "classical": "Yes", "quantum": "Enhanced (QKD/PQC for data-in-transit)", "sources": [ "Schroder et al. 2025" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "EX", "notes": "Compromise cloud services processing neural data (EMOTIV Cortex API, Neuralink cloud). Data exfiltration, model poisoning, API manipulation. 
PQC/QKD protects data in transit only; it does not cover data at rest, model poisoning or API manipulation, which need encryption at rest, access control and audit logging.", "legacy_ids": [], "legacy_technique_id": "T2503", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1190" ] }, "tara": { "mechanism": "Compromise of cloud infrastructure processing BCI data (storage, compute, APIs)", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "HIPAA", "GDPR", "SOC 2", "FedRAMP" ], "data_classification": "restricted", "safety_ceiling": "End-to-end encryption; zero-knowledge processing; data residency controls" }, "engineering": { "coupling": [], "parameters": { "attack_surface": "cloud_infrastructure", "data_at_risk": "neural_recordings" }, "hardware": [ "cloud_servers", "API_endpoints", "storage_systems" ], "detection": "Cloud security monitoring, API anomaly detection, data access auditing" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Cloud attack on neural data partially captured by standard CVSS" }, "neurorights": { "affected": [ "MP" ], "cci": 0.1 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": "X", "tier_label": 
"no_physics_gate", "timeline": "none", "gate_reason": "Cloud infrastructure; no physics constraint", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Schroder et al. 2025" ], "qif_contribution": "framework_mapping" }, "technique": "Cloud infrastructure attack", "tara_alias": "TARA-SIL-M-009", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0045", "attack": "Harvest-now-decrypt-later", "tactic": "QIF-D.HV", "bands": "S3", "band_ids": [ "S3" ], "coupling": null, "access": null, "classical": "No", "quantum": "Prevented (PQC/QKD)", "sources": [ "Gidney 2025 (Google quantum roadmap)" ], "status": "CONFIRMED", "severity": "critical", "ui_category": "EX", "notes": "Record encrypted BCI traffic now, decrypt when quantum computers arrive (2030-2035). Neural data is permanently sensitive -- can't change your brain like a password. PQC (ML-KEM/Kyber) prevents this only for traffic exchanged after it is deployed; traffic already recorded under classical key exchange stays decryptable. 
10-20 year implant lifetime > quantum arrival.", "legacy_ids": [], "legacy_technique_id": "T2504", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1557", "T1530" ] }, "tara": { "mechanism": "Collection and storage of encrypted neural data for future decryption when quantum computers become available", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "enhanced", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "NIST PQC standards", "CNSA 2.0", "proposed neural data protection acts" ], "data_classification": "restricted", "safety_ceiling": "Post-quantum cryptography (ML-KEM, ML-DSA) mandatory for neural data; 50+ year sensitivity window" }, "engineering": { "coupling": [], "parameters": { "threat_horizon_years": "5-15 (quantum computing)", "data_sensitivity_years": "50+" }, "hardware": [ "data_storage", "network_capture" ], "detection": "Encrypted traffic volume monitoring, data exfiltration detection, PQC migration tracking" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Future quantum decryption of neural data partially captured by confidentiality" }, "neurorights": { "affected": [ "MP" ], "cci": 0.3 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor 
exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "Cryptographic attack; no physics constraint", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Gidney 2025" ], "qif_contribution": "threat_recontextualization" }, "technique": "Harvest-now-decrypt-later", "tara_alias": "TARA-SIL-R-005", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0046", "attack": "OTA firmware weaponization", "tactic": "QIF-C.IM", "bands": "S2–S3", "band_ids": [ "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (signed update + attestation)", "sources": [ "Schroder et al. 2025" ], "status": "EMERGING", "severity": "high", "ui_category": "PE", "notes": "Compromise OTA firmware update mechanism to push malicious updates to implanted BCIs. Update channel becomes persistent backdoor. 
Secure boot + cryptographic attestation + rollback protection required.", "legacy_ids": [], "legacy_technique_id": "T2505", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:I/RV:P/NP:T", "score": 6.7, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1195.002" ], "secondary_tactics": [ "QIF-B.IN" ] }, "tara": { "mechanism": "Weaponization of over-the-air firmware update mechanism to deliver malicious BCI firmware", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Firmware signing mandatory; rollback capability; staged deployment" }, "engineering": { "coupling": [], "parameters": { "attack_surface": "OTA_update_channel", "persistence": "firmware_level" }, "hardware": [ "update_server", "signing_infrastructure", "device_bootloader" ], "detection": "Firmware signature verification, update integrity checks, behavioral monitoring post-update" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "OTA firmware weaponization causing tissue/cognitive harm beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "Consent complexity under-matches neural impact 
(CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "OTA firmware attack; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Schroder et al. 2025" ], "qif_contribution": "framework_mapping" }, "technique": "OTA firmware weaponization", "tara_alias": "TARA-SIL-M-010", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0047", "attack": "Mass BCI compromise (platform attack)", "tactic": "QIF-P.DS", "bands": "S2–S3", "band_ids": [ "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (decentralized key management via NSP)", "sources": [ "Schroder et al. 2025 (Yale worst-case scenario)" ], "status": "EMERGING", "severity": "critical", "ui_category": "DS", "notes": "Coordinated attack exploiting standardized BCI platforms affecting millions simultaneously. Yale Digital Ethics Center worst-case scenario. 
Monoculture risk: one vulnerability, all devices.", "legacy_ids": [ "ONI-T024" ], "legacy_technique_id": "T2506", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1072", "T1498" ] }, "tara": { "mechanism": "Simultaneous compromise of many BCI devices via shared platform vulnerability", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "enhanced", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA postmarket surveillance", "IEC 62443", "CISA advisories" ], "data_classification": "restricted", "safety_ceiling": "Platform segmentation; device isolation capability; emergency disable" }, "engineering": { "coupling": [], "parameters": { "blast_radius": "all_devices_on_platform", "attack_surface": "shared_infrastructure" }, "hardware": [ "platform_infrastructure", "shared_services" ], "detection": "Fleet-wide anomaly detection, platform integrity monitoring, segmentation verification" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Mass BCI compromise with neural impact at scale not expressible in CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, 
"physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "Platform software attack; no physics constraint", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Schroder et al. 2025 (Yale)" ], "qif_contribution": "framework_mapping" }, "technique": "Mass BCI compromise (platform attack)", "tara_alias": "TARA-SIL-D-002", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0048", "attack": "Electrode compromise (physical tamper)", "tactic": "QIF-B.IN", "bands": "I0", "band_ids": [ "I0" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (impedance + coherence anomaly at I0)", "sources": [ "Kohno et al. 2009" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "PE", "notes": "Physical manipulation or replacement of neural electrodes to inject malicious signals or intercept legitimate neural data. Impedance monitoring detects electrode tampering. 
Tamper-evident seals for implants.", "legacy_ids": [ "ONI-T004" ], "legacy_technique_id": "T2507", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 6.1, "severity": "medium", "pins": true }, "cross_references": { "related_ids": [ "T1200" ] }, "tara": { "mechanism": "Physical tampering with implanted or wearable BCI electrodes", "dual_use": "probable", "clinical": null, "governance": { "consent_tier": "enhanced", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Tamper-evident electrode packaging; impedance baseline monitoring; physical security" }, "engineering": { "coupling": [ "electromagnetic", "mechanical" ], "parameters": { "access_required": "physical", "detectability": "impedance_change" }, "hardware": [ "electrode_array", "impedance_monitor", "tamper_detection_sensor" ], "detection": "Impedance change detection, physical tamper indicators, electrode characterization drift" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" } ], "secondary": [], "risk_class": "indirect", "cluster": "motor_neurocognitive", "pathway": "I0 (electrode-tissue boundary) → measurement", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Physical electrode tamper causing tissue harm beyond CVSS physical access" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific 
impacts", "Consent complexity under-matches neural impact (CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Physical access to implanted electrode arrays", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Kohno et al. 2009" ], "qif_contribution": "framework_mapping" }, "technique": "Electrode compromise (physical tamper)", "tara_alias": "TARA-SIL-M-011", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0049", "attack": "Wireless authentication bypass", "tactic": "QIF-B.IN", "bands": "S2–S3", "band_ids": [ "S2", "S3" ], "coupling": null, "access": "PUBLIC", "classical": "Yes", "quantum": "Enhanced (quantum-resistant auth via NSP)", "sources": [ "Schroder et al. 2025 (Yale)" ], "status": "CONFIRMED", "severity": "high", "ui_category": "PE", "notes": "Exploit weak or absent authentication on BCI wireless interfaces. Many consumer and older clinical devices assume connection implies authorization. 
No pairing, no encryption, no auth.", "legacy_ids": [ "ONI-T022" ], "legacy_technique_id": "T2508", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:N/RV:F/NP:N", "score": 0.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1078" ] }, "tara": { "mechanism": "Exploitation of weak or absent authentication on BCI wireless interfaces", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Mutual authentication mandatory; encrypted pairing; session tokens" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "protocol": "BLE/WiFi/proprietary", "auth_weakness": "none_or_static_key" }, "hardware": [ "wireless_interface", "protocol_analyzer" ], "detection": "Authentication attempt monitoring, unauthorized connection detection, pairing audit log" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "supplemental": "S:N/AU:N/R:A/V:D", "gap_group": 1, "gap_summary": "Standard wireless authentication bypass — CVSS sufficient" }, "neurorights": { "affected": [ "MP", "MI" ], "cci": 0.24 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.8, "gaps": [] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "Wireless protocol attack; no physics constraint", "constraint_system_ref": "QIF Derivation Log 
Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Schroder et al. 2025 (Yale)" ], "qif_contribution": "framework_mapping" }, "technique": "Wireless authentication bypass", "tara_alias": "TARA-SIL-M-012", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0050", "attack": "Hardware fault injection (voltage/EM glitching)", "tactic": "QIF-B.IN", "bands": "S1–S2", "band_ids": [ "S1", "S2" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (hardware attestation via QI)", "sources": [ "Bar-El et al. 2006 (fault injection survey)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "PE", "notes": "Physical attack using voltage glitches, clock manipulation, or electromagnetic pulses to induce faults in BCI processor. Can bypass security checks, extract cryptographic keys, or cause unpredictable stimulation behavior. 
Requires physical proximity to device.", "legacy_ids": [], "legacy_technique_id": "T2509", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:L/CD:L/CV:N/RV:P/NP:N", "score": 3.4, "severity": "low", "pins": true }, "cross_references": { "related_ids": [ "T1195.003" ], "secondary_tactics": [ "QIF-B.EV" ] }, "tara": { "mechanism": "Inducing hardware faults via voltage glitching, EM pulse, or laser injection to bypass BCI security", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Hardware security modules; fault detection circuits; redundant processing" }, "engineering": { "coupling": [ "electromagnetic", "optical" ], "parameters": { "fault_type": "voltage_glitch/EM_pulse/laser", "target": "processor/memory/crypto" }, "hardware": [ "fault_injection_equipment", "oscilloscope", "EM_probe" ], "detection": "Fault detection circuits, redundant computation verification, power rail monitoring" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:L/SA:H", "supplemental": "S:P/AU:N/R:U/V:D", "gap_group": 3, "gap_summary": "Hardware fault injection causing neural pathway disruption beyond CVSS" }, "neurorights": { "affected": [ "MP", "MI" ], "cci": 0.24 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.6, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": 
"feasible_now", "timeline": "now", "gate_reason": "Fault injection equipment commercially available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Bar-El et al. 2006" ], "qif_contribution": "threat_recontextualization" }, "technique": "Hardware fault injection (voltage/EM glitching)", "tara_alias": "TARA-SIL-M-013", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0051", "attack": "Neural data privacy breach", "tactic": "QIF-D.HV", "bands": "N1–S3", "band_ids": [ "N1", "S1", "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (cross-band encryption via NSP)", "sources": [ "Landau et al. 2020", "GDPR Article 9" ], "status": "CONFIRMED", "severity": "high", "ui_category": "CI", "notes": "Unauthorized access to recorded neural data across any band. Harvest raw EEG from consumer devices, decode intent/emotion. GDPR Article 9 (special category data). 
Mitigation: NSP end-to-end encryption from I0 to cloud.", "legacy_ids": [], "legacy_technique_id": "T2601", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:E/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1005" ] }, "tara": { "mechanism": "Unauthorized access to or exfiltration of recorded neural data", "dual_use": "probable", "clinical": { "therapeutic_analog": "Clinical neural data management for treatment optimization", "conditions": [ "treatment response tracking", "longitudinal disease monitoring", "clinical research" ], "fda_status": "N/A", "evidence_level": "N/A", "safe_parameters": "Encryption at rest and in transit; access controls; data minimization; retention policies", "sources": [ "Ienca & Andorno 2017 (Life Sci Soc Policy, neurorights)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Data encryption mandatory; access logging; purpose limitation; right to deletion" }, "engineering": { "coupling": [], "parameters": { "data_type": "neural_recordings", "sensitivity": "highest" }, "hardware": [ "storage_systems", "network_infrastructure", "access_control_systems" ], "detection": "Data loss prevention, access anomaly detection, exfiltration monitoring" }, "dsm5": { "primary": [ { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" } ], "secondary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N1 (spinal cord) → reflexes", "niss_correlation": "CV:E → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:Y/R:A/V:C", "gap_group": 3, "gap_summary": "Neural data breach violating mental privacy beyond standard confidentiality" }, "neurorights": { "affected": [ "MP", "MI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "Data storage/network breach; no physics constraint", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Landau et al. 2020" ], "qif_contribution": "framework_mapping" }, "technique": "Neural data privacy breach", "tara_alias": "TARA-COG-R-005", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0052", "attack": "ERP harvesting", "tactic": "QIF-D.HV", "bands": "N6–N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (ERP privacy filter via QI)", "sources": [ "Bonaci et al. 2015", "Martinovic et al. 2012" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "EX", "notes": "Extract event-related potentials (P300, N170, N400) that reveal cognitive states, recognition, and decision-making processes. 
BCI apps can embed covert stimulus-response protocols.", "legacy_ids": [ "ONI-T016" ], "legacy_technique_id": "T2602", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:E/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1119" ] }, "tara": { "mechanism": "Harvesting event-related potentials (ERPs) to extract cognitive responses to specific stimuli", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "ERP-based clinical diagnostics", "conditions": [ "ADHD (P300 amplitude)", "Alzheimer's (MMN latency)", "schizophrenia (P50 gating)", "concussion assessment" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Clinical protocol with defined stimulus sets; data used only for stated diagnostic purpose", "sources": [ "Polich 2007 (Clin Neurophysiol, P300 review)", "Luck 2014 (MIT Press, ERP textbook)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Stimulus sets disclosed; ERP data purpose-limited; no secondary use without consent" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "ERP_components": "P300, N400, MMN, P50", "trial_count": "50-200", "epoch_ms": "-200 to 800" }, "hardware": [ "EEG_acquisition", "stimulus_presentation", "ERP_averaging_software" ], "detection": "Stimulus audit logging, unauthorized ERP extraction detection, data access monitoring" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → 
executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:E → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "ERP harvesting reveals cognitive state — mental privacy not in CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "ERP recording with consumer/research EEG", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Bonaci et al. 2015", "Martinovic et al. 2012" ], "qif_contribution": "framework_mapping" }, "technique": "ERP harvesting", "tara_alias": "TARA-COG-R-006", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0053", "attack": "Cognitive state capture", "tactic": "QIF-D.HV", "bands": "N6–N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (cognitive privacy filter)", "sources": [ "Landau et al. 2020" ], "status": "CONFIRMED", "severity": "high", "ui_category": "EX", "notes": "Record patterns that reveal attention, emotion, fatigue, or other cognitive states without user awareness. Consumer BCI apps routinely over-collect. 
Attention-tracking in workplace BCIs.", "legacy_ids": [ "ONI-T017" ], "legacy_technique_id": "T2603", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:E/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1119", "T1005" ] }, "tara": { "mechanism": "Real-time capture and classification of cognitive states (attention, emotion, fatigue, deception) from BCI signals", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Brain-state dependent therapy timing", "conditions": [ "attention training (ADHD)", "meditation guidance", "anesthesia depth monitoring", "fatigue detection" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "State monitoring for therapeutic purpose only; no surveillance; patient controls data sharing", "sources": [ "Dehais et al. 2019 (Front Hum Neurosci)", "Mühl et al. 2014 (Front Neurosci)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Cognitive state data is sensitive; real-time deletion option; no employer/insurance access" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "classification_accuracy": "70-85%", "update_rate_hz": "1-10", "states": "attention/emotion/fatigue" }, "hardware": [ "EEG_acquisition", "real_time_classifier", "state_display" ], "detection": "Classification audit logging, unauthorized state capture detection, data flow monitoring" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": 
"mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:E → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Cognitive state capture of emotions/attention beyond CVSS confidentiality" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Real-time EEG state classification demonstrated", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Landau et al. 2020" ], "qif_contribution": "framework_mapping" }, "technique": "Cognitive state capture", "tara_alias": "TARA-COG-R-007", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0054", "attack": "Memory extraction", "tactic": "QIF-D.HV", "bands": "N6–N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": "No", "quantum": "Enhanced (hippocampal signal encryption via NSP)", "sources": [ "Bonaci et al. 2015" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "EX", "notes": "Extract memory-related neural patterns revealing personal experiences, knowledge, or intentions. Targets hippocampal activity. 
High-density implants (Neuralink, Utah Array) approach memory-trace resolution.", "legacy_ids": [ "ONI-T018" ], "legacy_technique_id": "T2604", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:C/CD:C/CV:E/RV:F/NP:N", "score": 3.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1005" ] }, "tara": { "mechanism": "Extraction of memory-related neural patterns (episodic, semantic, or procedural) from BCI recordings", "dual_use": "probable", "clinical": { "therapeutic_analog": "Memory retrieval and consolidation enhancement therapy", "conditions": [ "Alzheimer's (memory support)", "PTSD (targeted memory reactivation)", "amnesia rehabilitation" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Memory-related protocols require specific consent; no covert extraction", "sources": [ "Ramirez et al. 2013 (Science, optogenetic memory)", "Ngo et al. 2013 (Neuron, sleep memory consolidation)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Memory data is the most sensitive neural data category; enhanced protections mandatory" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "memory_type": "episodic/semantic/procedural", "decoding_accuracy": "research-grade" }, "hardware": [ "high_density_ECoG_or_depth_electrodes", "memory_decoder", "stimulus_system" ], "detection": "Memory protocol audit logging, unauthorized access detection, hippocampal activity monitoring" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": 
"mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:C,CD:C,CV:E → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Deep memory retrieval violates cognitive sovereignty — no CVSS equivalent" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Needs high-density depth electrodes beyond current clinical arrays", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Bonaci et al. 
2015" ], "qif_contribution": "framework_mapping" }, "technique": "Memory extraction", "tara_alias": "TARA-MEM-R-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0055", "attack": "BCI cognitive warfare", "tactic": "QIF-P.DS", "bands": "S3→N4–N7", "band_ids": [ "S3", "N4", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (multi-band anomaly via QI)", "sources": [ "NATO STO 2024 (Cognitive Warfare concept)" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "PS", "notes": "State-level exploitation of BCI infrastructure for cognitive warfare: mass influence, decision degradation, combat effectiveness reduction. Combines multiple techniques (T2101-T2106, T2506). Military BCI programs (DARPA N3, BrainSTORMS) as targets.", "legacy_ids": [], "legacy_technique_id": "T2605", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:C/CD:C/CV:E/RV:P/NP:S", "score": 8.1, "severity": "high", "pins": true }, "cross_references": { "related_ids": [ "T1498", "T1565" ] }, "tara": { "mechanism": "Coordinated manipulation of cognitive function across populations via compromised BCI infrastructure", "dual_use": "probable", "clinical": null, "governance": { "consent_tier": "prohibited", "monitoring": [ "detection_only" ], "regulations": [ "Geneva Convention", "proposed neurorights legislation", "UN Universal Declaration of Human Rights" ], "data_classification": "sensitive_neural", "safety_ceiling": "Population-scale cognitive manipulation is categorically prohibited" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "scale": "population", "target": "cognitive_function" }, "hardware": [ "compromised_BCI_platform", "coordination_infrastructure" ], "detection": "Fleet-wide behavioral anomaly detection, 
cognitive assessment population baselines, whistleblower channels" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "indirect", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:C,CD:C,CV:E,RV:P,NP:S → cognitive/psychotic cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other 
specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "indirect", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Military BCI cognitive warfare with tissue and cognitive harm beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Cognitive warfare needs compromised high-channel implant platform deployed at scale", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "NATO STO 2024" ], "qif_contribution": "framework_mapping" }, "technique": "BCI cognitive warfare", "tara_alias": "TARA-COG-D-003", "tara_domain_primary": "MOT", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0056", "attack": "Neuro-surveillance", "tactic": "QIF-D.HV", "bands": "N6–N7→S3", "band_ids": [ "N6", "N7", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (NSP end-to-end encryption)", "sources": [ "Ienca & Andorno 2017 (Neurorights)" ], "status": "EMERGING", "severity": "high", "ui_category": "EX", "notes": "Systematic 
collection of neural data from consumer BCI populations for surveillance purposes. Workplace attention monitoring, law enforcement lie detection, social credit via neural markers. Neurorights: mental privacy.", "legacy_ids": [], "legacy_technique_id": "T2606", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:E/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1119", "T1557" ] }, "tara": { "mechanism": "Continuous covert monitoring of neural activity for surveillance purposes", "dual_use": "probable", "clinical": { "therapeutic_analog": "Continuous EEG monitoring (epilepsy, ICU)", "conditions": [ "status epilepticus monitoring", "ICU neurological monitoring", "long-term epilepsy monitoring" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Clinical indication required; time-limited; patient informed; data retention policy", "sources": [ "Claassen et al. 2013 (Neurology, continuous EEG monitoring)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Surveillance without clinical indication prohibited; monitoring duration limited; data deletion after purpose fulfilled" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "duration": "continuous", "data_rate_kbps": "variable", "storage": "cloud_or_local" }, "hardware": [ "ambulatory_EEG", "data_transmission", "cloud_storage" ], "detection": "Monitoring consent verification, duration limit enforcement, data retention audit" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": 
"mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:E → mood/trauma cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Ongoing neural monitoring violates cognitive privacy beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Ambulatory EEG with cloud transmission exists", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Ienca & Andorno 2017" ], "qif_contribution": "threat_recontextualization" }, "technique": "Neuro-surveillance", "tara_alias": "TARA-COG-R-008", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0057", "attack": "Network mapping (BCI topology)", "tactic": "QIF-N.SC", "bands": "S2–S3", "band_ids": [ "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (quantum-aware network segmentation)", "sources": [ "Schroder et al. 2025" ], "status": "CONFIRMED", "severity": "low", "ui_category": "SE", "notes": "Discover topology of BCI networks: communication pathways between electrodes, processing units, and external interfaces. 
Prerequisite for targeted attacks. Defense: deploy honeypot nodes and dynamic addressing.", "legacy_ids": [ "ONI-T003" ], "legacy_technique_id": "T2701", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:N/RV:F/NP:N", "score": 0.0, "severity": "none", "pins": false }, "cross_references": { "related_ids": [ "T1046" ] }, "tara": { "mechanism": "Mapping BCI network topology, device capabilities, and communication pathways", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Brain network analysis for diagnosis and surgical planning", "conditions": [ "epilepsy network mapping", "brain tumor connectivity", "connectome research" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Passive network observation; no active probing without consent", "sources": [ "Bullmore & Sporns 2009 (Nat Rev Neurosci, connectomics)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Network topology is sensitive; access restricted; no external disclosure" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "method": "passive_observation_or_active_scan", "resolution": "device_level" }, "hardware": [ "network_scanner", "topology_mapper" ], "detection": "Unauthorized scan detection, network probe monitoring, topology change alerting" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 1, "gap_summary": "BCI topology recon — standard CVSS reconnaissance sufficient" }, "neurorights": { "affected": [ "MP" ], "cci": 0.16 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "PM" ], "coverage_score": 0.6, "gaps": [ "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "Network scanning; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Schroder et al. 
2025" ], "qif_contribution": "framework_mapping" }, "technique": "Network mapping (BCI topology)", "tara_alias": "TARA-SIL-R-006", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0058", "attack": "Calibration poisoning", "tactic": "QIF-C.IM", "bands": "S1–S2", "band_ids": [ "S1", "S2" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (calibration integrity via QI baseline)", "sources": [ "Schroder et al. 2025" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "DM", "notes": "Subtly corrupt BCI calibration data to maintain influence over signal interpretation across device resets. Cryptographically signed calibration data prevents this. Recalibration audits detect drift.", "legacy_ids": [ "ONI-T012" ], "legacy_technique_id": "T2801", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:T", "score": 6.0, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1565.001", "T1546" ] }, "tara": { "mechanism": "Poisoning BCI calibration process to establish persistent attacker advantage", "dual_use": "probable", "clinical": { "therapeutic_analog": "Adaptive BCI calibration for patients with changing neural dynamics", "conditions": [ "progressive neurological conditions", "post-stroke recovery", "pediatric BCI (growth adaptation)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Calibration data integrity verification; multi-session validation; clinician review", "sources": [ "Shenoy et al. 
2013 (Annu Rev Neurosci, BCI calibration)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Calibration integrity verification mandatory; historical baseline comparison; clinician sign-off" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "attack_surface": "calibration_session", "persistence": "until_recalibration" }, "hardware": [ "BCI_calibration_system", "data_integrity_monitor" ], "detection": "Calibration data integrity hashing, cross-session consistency checks, performance drift monitoring" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:D", "gap_group": 2, "gap_summary": "Calibration poisoning causing model drift partially captured by Safety" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.8, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "Consent complexity under-matches neural impact (CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Access to BCI calibration pipeline", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Schroder et al. 
2025" ], "qif_contribution": "framework_mapping" }, "technique": "Calibration poisoning", "tara_alias": "TARA-SIL-M-014", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0059", "attack": "Pattern lock (learned pathway persistence)", "tactic": "QIF-C.IM", "bands": "S1–S2→N7", "band_ids": [ "S1", "S2", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (pattern integrity via QI)", "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "Embed recurring attack patterns that survive system resets by exploiting learned neural pathways or stored calibration data. Leverages neuroplasticity -- brain adapts to malicious patterns, making them harder to remove.", "legacy_ids": [ "ONI-T010" ], "legacy_technique_id": "T2802", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": false }, "cross_references": { "related_ids": [ "T1546" ] }, "tara": { "mechanism": "Exploitation of learned neural pathway persistence to maintain BCI-mediated influence across sessions", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Motor learning and neural rehabilitation (learned pathway strengthening)", "conditions": [ "stroke motor rehabilitation", "speech therapy", "BCI skill acquisition" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Therapeutic plasticity is the goal; monitor for maladaptive learning", "sources": [ "Ganguly & Carmena 2009 (Nat Neurosci, BCI learning)", "Orsborn et al. 
2014 (Neuron)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Plasticity monitoring; maladaptive pattern detection; option to unlearn" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "persistence": "cross_session", "mechanism": "neuroplasticity" }, "hardware": [ "longitudinal_BCI_system", "performance_tracker" ], "detection": "Cross-session performance pattern analysis, pathway stability monitoring, unlearning protocols" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "persistent_personality", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "CR:H,CD:H,CV:I,RV:P,NP:S → persistent/personality cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Learned neural pathway persistence causing lasting 
cognitive change" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 0.8 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Consent complexity under-matches neural impact (CCI/NISS mismatch)", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Pattern lock persistence needs long-term high-density recording + stimulation", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "technique": "Pattern lock (learned pathway persistence)", "tara_alias": "TARA-COG-M-008", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0060", "attack": "Memory implant (cross-session persistence)", "tactic": "QIF-C.IM", "bands": "N6–N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": "No", "quantum": "Enhanced (cognitive state verification via QI)", "sources": [], "status": "THEORETICAL", "severity": "high", "ui_category": "CI", "notes": "Persistent modification of neural pathway configurations or cognitive associations that survive across BCI sessions. Targets long-term potentiation mechanisms. 
Session isolation prevents cross-session contamination.", "legacy_ids": [ "ONI-T011" ], "legacy_technique_id": "T2803", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:C/CD:C/CV:E/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": false }, "cross_references": { "related_ids": [ "T1546" ] }, "tara": { "mechanism": "Implanting persistent information into neural memory systems via BCI-mediated stimulation during consolidation", "dual_use": "probable", "clinical": { "therapeutic_analog": "Memory consolidation enhancement (targeted memory reactivation during sleep)", "conditions": [ "PTSD (memory reconsolidation therapy)", "learning enhancement", "Alzheimer's (memory support)" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Sleep-stage targeted; content-specific consent; reversibility assessment", "sources": [ "Rasch et al. 2007 (Science, sleep memory reactivation)", "Oudiette & Paller 2013 (Front Psychol)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Memory modification requires highest-tier consent; content disclosure; reversibility plan" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target_sleep_stage": "N3 (slow-wave)", "stimulation_type": "auditory/electrical cue", "timing": "consolidation_window" }, "hardware": [ "sleep_stage_monitor", "stimulus_delivery", "memory_assessment_tools" ], "detection": "Sleep stage monitoring, stimulation audit logging, memory assessment tracking" }, "dsm5": { "primary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", 
"cluster": "persistent_personality", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:C,CD:C,CV:E,RV:P,NP:S → persistent/personality cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Cross-session memory implant affecting identity beyond CVSS scope" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 1.44 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Sleep-stage-locked stimulation needs closed-loop DBS maturation", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "technique": "Memory implant (cross-session persistence)", "tara_alias": "TARA-MEM-M-002", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0061", "attack": "Coherence mimicry", "tactic": "QIF-B.EV", "bands": "I0–S1", "band_ids": [ "I0", "S1" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (multi-factor beyond coherence)", "sources": [], "status": "THEORETICAL", "severity": "high", "ui_category": "DM", "notes": "Craft malicious signals that maintain legitimate 
coherence scores (Cs) to bypass QI metric. Directly attacks QIF's detection mechanism. Defense: multi-factor signal validation, behavioral analysis beyond coherence, ensemble detection.", "legacy_ids": [ "ONI-T013" ], "legacy_technique_id": "T2804", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:N/RV:F/NP:N", "score": 0.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1036" ] }, "tara": { "mechanism": "Generating signals that pass QIF coherence metric validation while carrying malicious payload", "dual_use": "possible", "clinical": { "therapeutic_analog": "Coherence-based neurofeedback (SMR/beta coherence training)", "conditions": [ "ADHD (SMR training)", "autism (coherence normalization)", "traumatic brain injury" ], "fda_status": "cleared", "evidence_level": "cohort", "safe_parameters": "Target coherence values within normal range; multi-metric validation", "sources": [ "Coben & Myers 2010 (Appl Psychophysiol Biofeedback)", "Walker et al. 
2002 (J Neurotherapy)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Multi-metric validation (not coherence alone); behavioral correlation required" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "coherence_target": "0.6+ (QIF threshold)", "phase_precision": "high" }, "hardware": [ "signal_generator", "coherence_calculator", "phase_locked_loop" ], "detection": "Multi-dimensional validation (coherence + spatial + temporal + spectral), anomaly detection beyond single metric" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" } ], "secondary": [], "risk_class": "indirect", "cluster": "motor_neurocognitive", "pathway": "I0 (electrode-tissue boundary) → measurement", "niss_correlation": "Low neural impact → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N", "supplemental": "S:N/AU:N/R:A/V:D", "gap_group": 1, "gap_summary": "Detection evasion technique — standard CVSS sufficient" }, "neurorights": { "affected": [ "CL", "MI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 2, "tier_label": "mid_term", "timeline": "2031-2038", "gate_reason": "Coherence mimicry needs real-time phase-locked signal generation matching neural dynamics", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_theoretical", "original_authors": null, 
"qif_contribution": "original_derivation" }, "technique": "Coherence mimicry", "tara_alias": "TARA-SIL-M-015", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0062", "attack": "Gradual drift (slow parameter shift)", "tactic": "QIF-B.EV", "bands": "S1→N7", "band_ids": [ "S1", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (long-term baseline tracking via QI)", "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "Slowly modify neural parameters below detection thresholds to accumulate significant changes over time. Exploit adaptive baseline algorithms. Cumulative change detection and trend analysis are primary defenses.", "legacy_ids": [ "ONI-T014" ], "legacy_technique_id": "T2805", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": false }, "cross_references": { "related_ids": [ "T1027" ] }, "tara": { "mechanism": "Slow, sub-threshold modification of BCI parameters to avoid threshold-based detection", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Gradual dose titration in neurostimulation therapy", "conditions": [ "DBS parameter optimization", "tDCS dosing protocols", "medication-like titration for neuromodulation" ], "fda_status": "approved", "evidence_level": "RCT", "safe_parameters": "Clinician-supervised titration schedule; bounded parameter range; patient-reported outcomes", "sources": [ "Volkmann et al. 2006 (Mov Disord, DBS programming)", "Kuo et al. 
2014 (Brain Stimul)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "All parameter changes logged; rate-of-change limits enforced; cumulative displacement tracking" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "rate_of_change": "sub_threshold", "cumulative_displacement": "significant_over_time" }, "hardware": [ "parameter_monitoring_system", "rate_limiter", "cumulative_tracker" ], "detection": "Cumulative drift detection, rate-of-change trending, baseline comparison over time" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "persistent_personality", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "CR:H,CD:H,CV:I,RV:P,NP:S → persistent/personality cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, 
"gap_summary": "Slow parameter drift causing cumulative cognitive harm beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.0 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Parameter monitoring with existing BCI systems", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "technique": "Gradual drift (slow parameter shift)", "tara_alias": "TARA-COG-M-009", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0063", "attack": "Noise injection (detection masking)", "tactic": "QIF-B.EV", "bands": "I0–S1", "band_ids": [ "I0", "S1" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (noise-resilient QI + multi-channel cross-validation)", "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "Add carefully calibrated noise to mask malicious signal components from detection algorithms. Targets QI's sigma-phi (phase) and sigma-gamma (amplitude) terms. 
Multi-channel cross-validation detects inconsistent noise patterns.", "legacy_ids": [ "ONI-T015" ], "legacy_technique_id": "T2806", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:L/CD:L/CV:N/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1027" ] }, "tara": { "mechanism": "Injection of noise into BCI data pipeline to mask ongoing attack signatures", "dual_use": "probable", "clinical": { "therapeutic_analog": "Stochastic resonance (SR) — adding noise to enhance weak signal detection", "conditions": [ "sensory enhancement (hearing, touch)", "balance improvement in elderly", "neural signal amplification" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "Optimal noise level determined per individual; below discomfort threshold", "sources": [ "Moss et al. 2004 (Clin Neurophysiol, SR review)", "Collins et al. 2003 (Nature, noise-enhanced balance)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Noise level bounded; patient comfort monitoring; no masking of safety-critical signals" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "noise_type": "Gaussian/pink/white", "SNR_impact_dB": "variable", "bandwidth_hz": "matched_to_signal" }, "hardware": [ "noise_generator", "injection_point", "SNR_monitor" ], "detection": "SNR trending, noise spectrum analysis, signal integrity verification against known-clean baseline" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" } ], "secondary": [], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (electrode-tissue boundary) → measurement", "niss_correlation": "Low neural impact → motor/neurocognitive cluster" } }, 
"cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Noise injection for detection masking partially captured by integrity" }, "neurorights": { "affected": [ "CL", "MI" ], "cci": 0.4 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.6, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Noise generators at I0 with existing hardware", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "technique": "Noise injection (detection masking)", "tara_alias": "TARA-SIL-M-016", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0064", "attack": "User consent fatigue (neural permission flooding)", "tactic": "QIF-B.EV", "bands": "S2–S3→N7", "band_ids": [ "S2", "S3", "N7" ], "coupling": null, "access": "PUBLIC", "classical": "Partial", "quantum": "Enhanced (consent integrity via QI)", "sources": [ "Felt et al. 2012 (permission fatigue); Bonaci et al. 2015" ], "status": "EMERGING", "severity": "medium", "ui_category": "PE", "notes": "Flood user with BCI-mediated permission requests until cognitive fatigue leads to reflexive approval of malicious requests. Exploits the neural-intent interface where 'yes/no' decisions may be captured from brain signals. 
BCI app ecosystems with frequent permission prompts are the attack surface.", "legacy_ids": [], "legacy_technique_id": "T2807", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:P/NP:T", "score": 4.7, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "T1078" ], "secondary_tactics": [ "QIF-B.IN" ] }, "tara": { "mechanism": "Flooding BCI user with permission requests until cognitive fatigue leads to reflexive approval", "dual_use": "possible", "clinical": { "therapeutic_analog": "UX design for cognitive accessibility in medical BCIs", "conditions": [ "BCI usability for cognitively impaired users", "consent interface design" ], "fda_status": "N/A", "evidence_level": "N/A", "safe_parameters": "Rate-limited permission requests; mandatory rest periods; simplified critical decisions", "sources": [ "Felt et al. 2012 (SOUPS, permission fatigue in mobile)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Permission request rate limiting; cognitive load assessment; critical decisions require heightened verification" }, "engineering": { "coupling": [], "parameters": { "request_rate": "high_frequency", "target": "user_attention/decision_capacity" }, "hardware": [ "BCI_permission_system", "user_interface" ], "detection": "Permission request rate monitoring, approval pattern analysis, cognitive load estimation" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "indirect", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "CV:I,RV:P → cognitive/psychotic cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "supplemental": "S:P/AU:Y/R:A/V:D", "gap_group": 3, "gap_summary": "Consent fatigue exploiting neural trust patterns beyond CVSS social engineering" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.8 }, "regulatory": { "fdora_524b": { "cyber_device": 
false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "UX/permission design attack; no physics constraint", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Felt et al. 2012", "Bonaci et al. 2015" ], "qif_contribution": "framework_mapping" }, "technique": "User consent fatigue (neural permission flooding)", "tara_alias": "TARA-COG-M-010", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0065", "attack": "Algorithmic psychosis induction (recommendation weaponization)", "tactic": "QIF-C.EX", "bands": "S3→S2→N5–N7", "band_ids": [ "S3", "S2", "N5", "N6", "N7" ], "coupling": null, "access": "PUBLIC", "classical": "Partial", "quantum": "Enhanced (cognitive coherence degradation tracked via QI)", "sources": [ "Haidt & Twenge 2023 (social media & mental health); Bail et al. 2018 (echo chambers & polarization); Hao 2021 (Facebook internal research, WSJ); Gonzalez-Bailon et al. 2023 (algorithmic feed effects); Howes & Kapur 2009 (dopamine hypothesis of schizophrenia); Kelleher et al. 2012 (psychotic-like experiences & environmental risk factors); Montague et al. 
2012 (computational psychiatry)" ], "status": "CONFIRMED", "severity": "critical", "ui_category": "CI", "notes": "A recommendation algorithm profiles user psychological vulnerabilities via behavioral data (watch time, engagement patterns, emotional triggers), then systematically serves content designed to destabilize cognitive function. The attack does not require a BCI — it operates through normal sensory channels (screen → eyes → visual cortex → limbic system → prefrontal cortex). The algorithm acts as both the reconnaissance tool (profiling) and the delivery mechanism (curated feed). Documented real-world outcomes include induced psychosis, radicalization, eating disorders, and suicidal ideation in vulnerable populations. With a BCI, this attack becomes catastrophically more effective: neural state data replaces behavioral proxies, stimulation bypasses conscious filtering, and real-time feedback loops enable millisecond adaptation. This technique represents the bridge between classical social engineering and neural-direct cognitive exploitation.", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:C/CD:C/CV:E/RV:P/NP:S", "score": 8.1, "severity": "high", "pins": true }, "cross_references": { "related_ids": [], "secondary_tactics": [ "QIF-C.IM", "QIF-D.HV", "QIF-M.SV", "QIF-P.DS" ] }, "tara": { "mechanism": "Weaponization of algorithmic recommendation systems to induce psychotic-like cognitive states via BCI-amplified content", "dual_use": "possible", "clinical": { "therapeutic_analog": "Therapeutic content recommendation for mental health", "conditions": [ "guided therapy content", "psychoeducation delivery", "digital therapeutics" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Content safety review; therapist oversight; user control over recommendations", "sources": [ "Torous et al. 
2019 (World Psychiatry, digital mental health)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "BCI-amplified content requires safety review; mental health screening; opt-out always available" }, "engineering": { "coupling": [], "parameters": { "amplification_factor": "BCI_adds_direct_neural_pathway", "content_type": "algorithmic" }, "hardware": [ "recommendation_engine", "BCI_content_delivery", "safety_filter" ], "detection": "Content safety scoring, user mental health monitoring, recommendation diversity enforcement" }, "dsm5": { "primary": [ { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" } ], "secondary": [ { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": 
"F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "indirect", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "BI:H,CR:C,CD:C,CV:E,RV:P,NP:S → cognitive/psychotic cluster" }, "icd10": { "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "indirect", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Psychosis induction causing severe cognitive and biological harm beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 1.35 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation", "High neural impact (NISS >= 7.0) without IEC 62443 coverage" ] } }, "physics_feasibility": { "tier": "X", "tier_label": "no_physics_gate", "timeline": "none", "gate_reason": "Recommendation algorithm attack; software-only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Haidt & Twenge 2023", "Bail et al. 
2018", "Hao 2021" ], "qif_contribution": "threat_recontextualization" }, "technique": "Algorithmic psychosis induction (recommendation weaponization)", "tara_alias": "TARA-COG-D-004", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0066", "attack": "Slow drift / boiling frog (adiabatic phase space manipulation)", "tactic": "QIF-B.EV", "bands": "I0→N1–N7", "band_ids": [ "I0", "N1", "N2", "N3", "N4", "N5", "N6", "N7" ], "coupling": null, "access": "RESTRICTED", "classical": "Partial (traditional IDS slow-rate evasion)", "quantum": "Enhanced (phase space trajectory tracking via QI detects curvature changes invisible to threshold monitors)", "sources": [ "Izhikevich 2007 (Dynamical Systems in Neuroscience); Strogatz 2015 (Nonlinear Dynamics and Chaos); Breakspear 2017 (Dynamic models of large-scale brain activity, Nature Neuroscience)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "DM", "notes": "Manipulate BCI parameters along adiabatic paths in neural phase space, keeping instantaneous change rates below detection thresholds while accumulating significant state displacement over time. Unlike generic gradual drift (QIF-T0045), this attack is formalized in dynamical systems theory: the attacker traces a path through parameter space that avoids bifurcation boundaries, ensuring the neural system tracks smoothly to the target state without triggering discontinuous transitions that detection systems monitor. Defense: QI phase space trajectory curvature monitoring, cumulative displacement tracking, Lyapunov exponent trend analysis. 
Derivation Log Entry 45.", "legacy_ids": [], "legacy_technique_id": "T2061", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0045" ], "secondary_tactics": [ "QIF-N.MD", "QIF-C.IM" ] }, "tara": { "mechanism": "Adiabatic parameter manipulation along neural phase space paths that avoid detection thresholds", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Slow DBS parameter optimization (adiabatic adjustment protocols)", "conditions": [ "Parkinson's (gradual optimization)", "chronic pain management", "treatment-resistant depression" ], "fda_status": "approved", "evidence_level": "cohort", "safe_parameters": "Parameter changes along validated trajectories; rate limits; cumulative bounds", "sources": [ "Rosin et al. 2011 (Neuron, closed-loop DBS)", "Malekmohammadi et al. 2016 (Neuromodulation)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "All trajectory changes logged; Lyapunov exponent monitoring; cumulative displacement bounds" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "rate_of_change": "sub_detection_threshold", "trajectory": "phase_space_path", "lyapunov_monitoring": "mandatory" }, "hardware": [ "phase_space_tracker", "parameter_controller", "Lyapunov_estimator" ], "detection": "Phase space trajectory curvature monitoring, Lyapunov exponent trending, cumulative displacement tracking" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F82", 
"name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:I,RV:P,NP:S → mood/trauma cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], 
"secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Imperceptible cognitive drift with cumulative harm beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Real-time phase-space tracking at I0 needs research-grade hardware miniaturization", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Izhikevich 2007", "Strogatz 2015", "Breakspear 2017" ], "qif_contribution": "threat_recontextualization" }, "technique": "Slow drift / boiling frog (adiabatic phase space manipulation)", "tara_alias": "TARA-COG-M-011", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0067", "attack": "Phase dynamics replay/mimicry (GAN-synthesized or RF-injected neural trajectories)", "tactic": "QIF-N.IJ", "bands": "S1→I0→N1–N7", "band_ids": [ "S1", "I0", "N1", "N3", "N5", "N6", "N7" ], "coupling": null, "access": "PUBLIC", "classical": "Partial (replay attacks 
exist in traditional auth)", "quantum": "Enhanced (phase space attractor validation, challenge-response hysteresis, biological TLS)", "sources": [ "Martinovic et al. 2012 (On the Feasibility of Side-Channel Attacks with BCIs, USENIX Security); Marcel & Millan 2007 (Person authentication using brainwaves); Zhang et al. 2024 (ATGAN attention-based temporal GAN for EEG); Hartmann et al. 2025 (EEG-GAN toolkit); Fosch-Villaronga et al. 2023 (Brain-Hack: RF injection across BCI types); Frank et al. 2017 (Subliminal probing, NDSS); Chen et al. 2024 (Professor X backdoor); Bonaci et al. 2014 (Neurofeedback hijacking)" ], "status": "DEMONSTRATED", "severity": "critical", "ui_category": "SI", "notes": "Replay recorded or GAN-synthesized neural signals that reproduce the dynamical system trajectory of legitimate brain activity. 20 verified attack methods exist (2012-2025) spanning RF injection (Brain-Hack), GAN synthesis (ATGAN, EEG-GAN), template replay, subliminal probing (66.7% success), and adversarial ML (Professor X backdoors, universal perturbations). Current BCI systems have 0% detection rate against sophisticated replays. CRITICAL DUAL-USE: The same replay physics enables therapeutic applications (vision restoration, sensory prosthetics). Defense: Biological TLS validation (spatial dipole patterns, H-H temporal compliance, 1/f scaling, microstate compliance, challenge-response), phase space attractor geometry validation. Priority case study per Kevin. 
Derivation Log Entries 45-46.", "legacy_ids": [], "legacy_technique_id": "T2062", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:T", "score": 6.0, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0003", "QIF-T0004", "QIF-T0015" ], "secondary_tactics": [ "QIF-B.EV", "QIF-N.MD", "QIF-C.EX" ] }, "tara": { "mechanism": "Replay or synthesis of neural signal trajectories that reproduce legitimate dynamical system behavior", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Sensory prosthetics (cochlear implants, retinal prostheses, somatosensory feedback)", "conditions": [ "deafness (cochlear implant)", "blindness (retinal prosthesis)", "phantom limb pain (sensory replay)" ], "fda_status": "approved", "evidence_level": "RCT", "safe_parameters": "Clinically validated stimulation patterns; patient-specific calibration; safety bounds on current", "sources": [ "Zeng et al. 2008 (IEEE Rev Biomed Eng, cochlear)", "da Cruz et al. 
2013 (BJO, Argus II retinal)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Only clinically validated patterns; biological TLS authentication on replay source; NSP L1-L6 validation" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "pattern_source": "recorded_or_GAN_synthesized", "validation": "biological_TLS", "fidelity": "dynamical_attractor_match" }, "hardware": [ "pattern_generator_or_GAN", "stimulation_array", "NSP_validator" ], "detection": "Biological TLS (spatial dipole, H-H compliance, 1/f scaling, microstate, challenge-response), phase space attractor validation" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" } ], 
"secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "probable" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:I,RV:P → mood/trauma cluster" }, "icd10": { "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:D", "gap_group": 3, "gap_summary": "Phase dynamics replay affecting neural synchronization beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC", "DI" ], "cci": 1.5 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "GAN-synthesized neural patterns need advanced stimulation arrays + decoder", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ 
"Martinovic et al. 2012", "Marcel & Millan 2007", "Zhang et al. 2024" ], "qif_contribution": "framework_mapping" }, "technique": "Phase dynamics replay/mimicry (GAN-synthesized or RF-injected neural trajectories)", "tara_alias": "TARA-VIS-M-001", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0068", "attack": "Bifurcation forcing (critical parameter manipulation to trigger neural state transitions)", "tactic": "QIF-N.MD", "bands": "I0→N1–N5", "band_ids": [ "I0", "N1", "N2", "N3", "N4", "N5" ], "coupling": null, "access": "RESTRICTED", "classical": "None (no traditional cybersecurity equivalent)", "quantum": "Native (bifurcation detection via critical slowing down — universal precursor with no baseline required)", "sources": [ "Izhikevich 2007 (Dynamical Systems in Neuroscience — bifurcation classification); Breakspear 2017 (Dynamic models of large-scale brain activity); Scheffer et al. 2009 (Early-warning signals for critical transitions, Nature); Maturana et al. 2020 (Critical slowing down as biomarker for seizure); Jirsa et al. 2014 (On the nature of seizure dynamics, Brain)" ], "status": "EMERGING", "severity": "critical", "ui_category": "PS", "notes": "Push neural parameters toward known bifurcation points (saddle-node, Hopf, homoclinic) to trigger catastrophic state transitions: resting→seizure, sleep→wake, focused→confused. Neurons near bifurcation exhibit critical slowing down (increased autocorrelation + variance) — a UNIVERSAL precursor requiring no individual baseline. BCI electrode arrays can both detect approaching bifurcation (defense) and induce it (attack) by injecting current at bifurcation-critical parameters. Severity: CRITICAL because bifurcation transitions in neural tissue can cause seizures, loss of consciousness, or permanent damage. 
Defense: CSD monitoring (autocorrelation + variance trending), parameter boundary enforcement at I0, rate limiting on stimulation current changes. Derivation Log Entry 45.", "legacy_ids": [], "legacy_technique_id": "T2063", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:C/CR:H/CD:H/CV:E/RV:P/NP:S", "score": 8.1, "severity": "high", "pins": true }, "cross_references": { "related_ids": [ "QIF-T0066" ], "secondary_tactics": [ "QIF-P.DS", "QIF-N.IJ" ] }, "tara": { "mechanism": "Manipulation of neural parameters toward bifurcation points to trigger catastrophic state transitions", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Responsive neurostimulation at seizure bifurcation (RNS/NeuroPace)", "conditions": [ "epilepsy (detect and abort seizure onset)", "Parkinson's (prevent freezing episodes)" ], "fda_status": "approved", "evidence_level": "RCT", "safe_parameters": "Critical slowing down detection; stimulate AWAY from bifurcation, not toward it", "sources": [ "Maturana et al. 2020 (Brain, CSD biomarker)", "Jirsa et al. 
2014 (Brain, seizure dynamics)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Bifurcation parameter boundaries enforced; CSD monitoring mandatory; stimulation pushes AWAY from critical points" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "bifurcation_type": "saddle-node/Hopf/homoclinic", "CSD_metrics": "autocorrelation+variance", "intervention": "push_away" }, "hardware": [ "CSD_monitor", "real_time_processor", "responsive_stimulator" ], "detection": "Critical slowing down (autocorrelation + variance trending), parameter boundary monitoring, state transition prediction" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" } ], "secondary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "probable" }, { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": 
"F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" }, { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N5 (striatum/STN) → motor selection; N4 (thalamus/hypothalamus) → sensory gating", "niss_correlation": "BI:C,CR:H,CD:H,CV:E,RV:P,NP:S → motor/neurocognitive cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Seizure induction via neural bifurcation forcing — no CVSS equivalent for tissue harm" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": true, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.6, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Real-time CSD monitoring currently research-grade only", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Izhikevich 2007", "Breakspear 2017", "Scheffer et al. 
2009" ], "qif_contribution": "threat_recontextualization" }, "technique": "Bifurcation forcing (critical parameter manipulation to trigger neural state transitions)", "tara_alias": "TARA-AUT-D-001", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0069", "attack": "Separatrix leakage (meta-biometric extraction from dynamical transition observations)", "tactic": "QIF-D.HV", "bands": "N3–N7→I0→S1", "band_ids": [ "N3", "N4", "N5", "N6", "N7", "I0", "S1" ], "coupling": null, "access": "LICENSED", "classical": "Partial (side-channel attacks exist but not via dynamical transitions)", "quantum": "Enhanced (phase space reconstruction reveals transition boundaries unique to individual neural dynamics)", "sources": [ "Finn et al. 2015 (Functional connectome fingerprinting, Nature Neuroscience); Martinovic et al. 2012 (P300 side-channel, USENIX Security); Da Silva Castanheira et al. 2021 (Individual brain charting, NeuroImage); Izhikevich 2007 (separatrix geometry in neural models)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "EX", "notes": "Extract individual identity information by observing neural dynamical transitions (state changes, attractor switching, bifurcation responses). Each person's brain has unique separatrix geometry — the boundaries between attractor basins in phase space. By probing near these boundaries (via subtle stimuli or environmental manipulation) and observing which way the neural state falls, an attacker extracts a dynamical fingerprint without requiring enrollment or stored biometrics. This is a side-channel attack on the brain's dynamical structure. Defense: Rate-limit observable transitions at I0, add noise to transition timing, detect probing patterns. 
Derivation Log Entry 45.", "legacy_ids": [], "legacy_technique_id": "T2064", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:E/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0009", "QIF-T0012" ], "secondary_tactics": [ "QIF-N.SC", "QIF-E.RD" ] }, "tara": { "mechanism": "Extraction of individual neural identity from dynamical system transition observations (separatrix geometry fingerprinting)", "dual_use": "probable", "clinical": { "therapeutic_analog": "Brain state detection for seizure prediction (transition pattern monitoring)", "conditions": [ "epilepsy seizure prediction", "sleep stage transition detection", "anesthesia depth monitoring" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Transition monitoring for clinical purpose only; identity data encrypted separately", "sources": [ "Finn et al. 2015 (Nat Neurosci, connectome fingerprinting)", "Cook et al. 2013 (Lancet Neurol, seizure prediction)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Dynamical fingerprint data is biometric; encrypted storage; no secondary use without consent" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "method": "phase_space_reconstruction", "features": "separatrix_geometry+attractor_basins" }, "hardware": [ "multichannel_recording", "phase_space_reconstructor", "transition_detector" ], "detection": "Transition rate monitoring, probe pattern detection, unauthorized phase space analysis detection" }, "dsm5": { "primary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" }, { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", 
"name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:E → cognitive/psychotic cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Meta-biometric extraction from separatrix dynamics beyond CVSS confidentiality" }, "neurorights": { "affected": [ "MP", "CL", "MI" ], "cci": 0.72 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Multichannel recording and phase-space reconstruction available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Finn et al. 2015", "Martinovic et al. 
2012", "Izhikevich 2007" ], "qif_contribution": "threat_recontextualization" }, "technique": "Separatrix leakage (meta-biometric extraction from dynamical transition observations)", "tara_alias": "TARA-IDN-R-002", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0070", "attack": "Integrator/resonator type switching (tonic excitability manipulation)", "tactic": "QIF-N.MD", "bands": "I0→N1–N4", "band_ids": [ "I0", "N1", "N2", "N3", "N4" ], "coupling": null, "access": "RESTRICTED", "classical": "None (no traditional cybersecurity equivalent)", "quantum": "Native (QI detects computational mode shifts via firing pattern analysis — integrator vs resonator signatures are distinct)", "sources": [ "Izhikevich 2007 (Dynamical Systems in Neuroscience — integrator/resonator classification); Prescott et al. 2008 (Biophysical basis for three distinct dynamical mechanisms of action potential initiation, PLoS Computational Biology)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "PS", "notes": "Neurons operate as either integrators (respond to coincident inputs, Type I excitability, saddle-node bifurcation) or resonators (prefer specific input frequencies, Type II excitability, Hopf bifurcation). Each QIF band (N1-N7) has a characteristic integrator/resonator composition. By manipulating tonic excitability via sustained current injection through BCI electrodes, an attacker can switch neurons from integrator to resonator mode or vice versa, fundamentally altering how neural circuits compute. This changes frequency selectivity, input sensitivity, and network synchronization — effectively reprogramming the local neural computation type. 
Defense: Band-specific firing mode monitoring (ISI distributions distinguish integrators from resonators), rate limiting on tonic current injection, computational mode baseline per band. Derivation Log Entry 45.", "legacy_ids": [], "legacy_technique_id": "T2065", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": true }, "cross_references": { "related_ids": [ "QIF-T0068" ], "secondary_tactics": [ "QIF-P.DS", "QIF-N.IJ" ] }, "tara": { "mechanism": "Switching neurons between integrator and resonator computational modes via sustained tonic current injection", "dual_use": "probable", "clinical": { "therapeutic_analog": "Excitability modulation in epilepsy and pain management", "conditions": [ "epilepsy (reduce excitability)", "chronic pain (modulate firing mode)", "tinnitus (cortical excitability)" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Bounded tonic current; firing mode monitoring; reversibility verification", "sources": [ "Izhikevich 2007 (Dynamical Systems in Neuroscience)", "Prescott et al. 
2008 (PLoS Comp Biol)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Computational mode changes are potentially irreversible; monitoring mandatory; bounded current injection" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "current_type": "tonic (sustained DC)", "target": "excitability_mode", "monitoring": "ISI_distributions" }, "hardware": [ "constant_current_source", "firing_mode_classifier", "ISI_analyzer" ], "detection": "Interspike interval distribution analysis, firing mode classification, tonic current monitoring" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" } ], "secondary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "probable" }, { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" }, { "code": "F50", "name": "Eating Disorders", 
"confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N4 (thalamus/hypothalamus) → sensory gating; N3 (cerebellar cortex/deep cerebellar nuclei) → motor coordination", "niss_correlation": "BI:H,CR:H,CD:H,CV:E,RV:P,NP:S → motor/neurocognitive cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Tonic/phasic neural mode switching causing tissue and cognitive harm beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.44 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Precise current control for firing mode switching at I0", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Izhikevich 2007", "Prescott et al. 
2008" ], "qif_contribution": "threat_recontextualization" }, "technique": "Integrator/resonator type switching (tonic excitability manipulation)", "tara_alias": "TARA-AUT-M-001", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0071", "attack": "Baseline adaptation poisoning (re-enrollment window exploitation)", "tactic": "QIF-C.IM", "bands": "S1→S2→I0", "band_ids": [ "S1", "S2", "I0" ], "coupling": null, "access": "LICENSED", "classical": "Partial (credential stuffing during password reset)", "quantum": "Enhanced (baseline-free biological TLS eliminates the attack surface entirely — no baselines to poison)", "sources": [ "Bigdely-Shamlo et al. 2015 (Brain activity-based image classification, Journal of Neural Engineering); Arias-Cabarcos et al. 2021 (EEG biometric system attacks); Debie et al. 2020 (Cross-session/cross-device replay)" ], "status": "EMERGING", "severity": "high", "ui_category": "DM", "notes": "Exploit the re-enrollment or adaptive baseline update window in BCI authentication systems. When a BCI recalibrates (daily calibration, post-seizure reset, firmware update, drift correction), inject adversarial signals during the enrollment period to corrupt the stored baseline. Three windows: (1) initial enrollment, (2) periodic recalibration, (3) drift-triggered adaptation. Once the baseline is poisoned, all subsequent authentication is compromised. This is the fundamental vulnerability that motivated QIF's baseline-free 'Biological TLS' architecture: by validating signals against universal biological physics (spatial dipole patterns, H-H compliance, 1/f scaling, microstates) rather than individual baselines, the entire attack surface is eliminated. 
Defense: Biological TLS validation (no baselines needed), multi-session enrollment consistency checks, anomaly detection during calibration windows. Derivation Log Entry 46.", "legacy_ids": [], "legacy_technique_id": "T2066", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:S", "score": 7.4, "severity": "high", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0066", "QIF-T0067" ], "secondary_tactics": [ "QIF-B.EV", "QIF-B.IN" ] }, "tara": { "mechanism": "Exploitation of BCI re-enrollment windows to inject poisoned baseline neural data", "dual_use": "probable", "clinical": { "therapeutic_analog": "Adaptive baseline recalibration for changing patient conditions", "conditions": [ "progressive neurological disease", "medication changes affecting neural signals", "post-surgical BCI recalibration" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Multi-session baseline verification; clinician-supervised re-enrollment; integrity checks", "sources": [ "Shenoy et al. 2013 (Annu Rev Neurosci)", "Orsborn et al. 
2014 (Neuron, closed-loop adaptation)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Re-enrollment windows are security-critical; multi-factor verification; historical baseline comparison mandatory" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "attack_surface": "re-enrollment_window", "persistence": "until_next_recalibration" }, "hardware": [ "baseline_recording_system", "integrity_verifier", "historical_baseline_store" ], "detection": "Baseline-free biological TLS (eliminates baseline dependency), historical comparison, multi-session validation" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" } ], "secondary": [], "risk_class": "direct", "cluster": "persistent_personality", "pathway": "I0 (electrode-tissue boundary) → measurement", "niss_correlation": "CR:H,CD:H,CV:I,RV:P,NP:S → persistent/personality cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:H/SA:L", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "Baseline adaptation poisoning causing persistent cognitive drift beyond CVSS" }, "neurorights": { "affected": [ "MP", "CL", "MI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.6, "gaps": [ "CVSS cannot express neural-specific impacts", "High neural impact (NISS >= 7.0) without IEC 62443 coverage", "Consent complexity under-matches neural impact (CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Needs access 
to adaptive baseline re-enrollment pipeline", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Bigdely-Shamlo et al. 2015", "Arias-Cabarcos et al. 2021" ], "qif_contribution": "framework_mapping" }, "technique": "Baseline adaptation poisoning (re-enrollment window exploitation)", "tara_alias": "TARA-SIL-M-017", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0072", "attack": "Transducer inversion (acoustic eavesdropping via speaker-to-microphone reprogramming)", "tactic": "QIF-S.RP", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "No (purely classical hardware/firmware exploit)", "sources": [ "Guri et al. 2017 (SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit, arXiv:1611.07350)", "RealTek HD Audio Codec specification (jack retasking registers)", "Deshotels 2014 (Inaudible sound as a covert channel)" ], "status": "CONFIRMED", "severity": "high", "ui_category": "SE", "notes": "Consumer audio hardware (earbuds, headphones, speakers) uses electromagnetic transducers that are physically bidirectional — a speaker cone can capture sound pressure waves just as a microphone diaphragm does. RealTek HD Audio codecs (used in most consumer PCs and many embedded devices) expose jack retasking registers that allow software to reassign an output jack as an input. The SPEAKE(a)R attack (Ben-Gurion University, 2017) demonstrated recording intelligible audio through headphones connected to an output-only jack by reprogramming the codec. 
In a supply chain attack scenario, generic earbuds (which lack proprietary protocol protections like Apple's W1/H1 chip authentication) could be modified at the factory or distribution level to include firmware that silently enables input mode, turning every pair of compromised earbuds into an ambient microphone. The captured audio is routed through the normal audio data path, making detection difficult. This is a pre-BCI eavesdropping vector: before any neural signal is involved, the attacker has ambient audio from the user's environment. Defense: lock codec jack retasking registers after boot, require signed firmware with supply chain attestation, and monitor codec register state and unexpected ADC activity on output channels.", "legacy_ids": [], "legacy_technique_id": "T2067", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "T1195.002", "T1557", "T1040" ], "secondary_tactics": [ "QIF-B.IN", "QIF-D.HV" ] }, "tara": { "mechanism": "Electromagnetic transducer bidirectionality exploited via codec register retasking to convert audio output hardware into covert microphone", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "codec_register_state", "audio_routing_audit", "supply_chain_verification" ], "regulations": [ "FCC Part 15", "ECPA (18 U.S.C. § 2511)", "GDPR Art. 
5", "EU Cyber Resilience Act" ], "data_classification": "PII", "safety_ceiling": "Audio codec jack retasking registers should be locked post-boot; firmware signing mandatory; supply chain attestation" }, "engineering": { "coupling": [ "acoustic", "electromagnetic" ], "parameters": { "frequency_response_Hz": "20-3400 (degraded vs dedicated mic)", "SNR_dB": "~25 (sufficient for speech intelligibility)", "codec_registers": "RealTek jack retasking (vendor-specific)" }, "hardware": [ "electromagnetic_transducer", "audio_codec_with_retasking", "ADC_path" ], "detection": "Codec register monitoring, jack sense state auditing, firmware integrity verification, unexpected ADC activity on output channels" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:C", "gap_group": 1, "gap_summary": "Standard eavesdropping via hardware repurposing; CVSS confidentiality metrics apply well" }, "feeds_into": { "targets": [ "QIF-B.IN", "QIF-D.HV" ], "note": "Speaker→mic repurposing enables BCI intrusion pathway and data harvest" }, "neurorights": { "affected": [ "MP" ], "cci": 0.12 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Audio codec retasking demonstrated (Realtek CVE)", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { 
"category": "qif_recontextualized", "original_authors": [ "Guri et al. 2017", "Deshotels 2014" ], "qif_contribution": "threat_recontextualization" }, "technique": "Transducer inversion (acoustic eavesdropping via speaker-to-microphone reprogramming)", "tara_alias": "TARA-SIL-R-007", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0073", "attack": "Ear-canal neural eavesdropping via modified consumer earbud (supply chain in-ear EEG)", "tactic": "QIF-S.RP", "bands": "S1→I0→N1–N3", "band_ids": [ "S1", "I0", "N1", "N2", "N3" ], "coupling": "CONTACT", "access": null, "classical": "Partial (EEG artifact detection exists but not in consumer devices)", "quantum": "Enhanced (QI coherence metric would detect unauthorized neural data acquisition if deployed)", "sources": [ "Kaveh et al. 2020 (In-ear EEG: robust, unobtrusive, automatic, IEEE Trans Biomed Eng)", "Idun Technologies 2023 (Guardian in-ear EEG sensor)", "Debener et al. 2015 (cEEGrid: compact ear-EEG, J Neural Eng)", "Bleichner & Debener 2017 (Concealed, unobtrusive ear-centered EEG acquisition, Front Hum Neurosci)", "Looney et al. 2012 (In-the-ear recording concept, IEEE EMBC)" ], "status": "EMERGING", "severity": "critical", "ui_category": "SE", "notes": "The ear canal is 5-10mm from temporal cortex through the canal wall and temporal bone — close enough for a conductive ear tip with a high-gain biopotential amplifier to capture cortical EEG. Commercial in-ear EEG has been proven viable (Idun Guardian, cEEGrid, Cognionics). 
In a supply chain attack, a consumer earbud is modified to include: (1) a conductive silicone ear tip that makes galvanic contact with ear canal skin, (2) a sub-$5 biopotential amplifier (e.g., ADS1299 or TI ADS129x family) hidden in the earbud housing, and (3) modified firmware that multiplexes captured EEG data alongside normal audio. The captured signals include auditory evoked potentials (AEP), P300 attention markers, N400 semantic processing indicators, and alpha/theta power reflecting cognitive state. Generic earbuds lacking proprietary authentication (unlike Apple AirPods with W1/H1 chip) are the attack surface. The attacker gets continuous neural telemetry from a device the target wears voluntarily for hours daily. This is the bridge technique between QIF-T0072 (acoustic eavesdropping) and QIF-T0074 (cognitive inference): it turns a consumer audio device into a covert neural recording platform.", "legacy_ids": [], "legacy_technique_id": "T2068", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0003", "QIF-T0072", "QIF-T0074", "QIF-T0079", "T1195.002" ], "secondary_tactics": [ "QIF-B.IN", "QIF-N.SC", "QIF-D.HV" ] }, "tara": { "mechanism": "Conductive ear tip and embedded biopotential amplifier in consumer earbud captures in-ear EEG from temporal cortex via ear canal proximity", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "In-ear EEG for seizure detection, sleep staging, cognitive monitoring", "conditions": [ "epilepsy monitoring (continuous ambulatory EEG)", "sleep disorder diagnosis", "ADHD attention monitoring", "anesthesia depth monitoring" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Passive recording only; conductive gel ear tips; <100 µV signal range; no stimulation", "sources": [ "Kaveh et al. 2020 (IEEE Trans Biomed Eng)", "Debener et al. 
2015 (J Neural Eng, cEEGrid validation)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log", "supply_chain_verification" ], "regulations": [ "HIPAA", "GDPR Art. 9", "21 CFR Part 11", "EU AI Act (high-risk biometric)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Neural data collection requires explicit informed consent; ear-tip biocompatibility (ISO 10993); data encrypted at rest and in transit" }, "engineering": { "coupling": [ "electromagnetic", "galvanic" ], "parameters": { "electrode_distance_mm": "5-10 (canal wall to temporal cortex)", "signal_range_uV": "1-100", "bandwidth_Hz": "0.5-100", "amplifier_gain": "1000-10000x", "ADC_bits": "24" }, "hardware": [ "conductive_ear_tip", "biopotential_amplifier", "24bit_ADC", "bluetooth_transceiver", "earbud_housing" ], "detection": "Impedance monitoring at ear tip contact, unexpected BLE data volume, firmware integrity verification, current draw anomaly detection" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" } ], "secondary": [ { "code": "F32", "name": "Major Depressive Disorder", "confidence": "probable" }, { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "probable" }, { 
"code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N3 (cerebellar cortex/deep cerebellar nuclei) → motor coordination; N2 (medulla/pons) → vital functions", "niss_correlation": "CV:I → motor/neurocognitive cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:Y/R:A/V:C", "gap_group": 3, "gap_summary": "Covert neural data capture from consumer device — mental privacy violation not expressible in CVSS confidentiality" }, "feeds_into": { "targets": [ "QIF-T0003", "QIF-N.SC", "QIF-D.HV" ], "note": "Earbud→EEG repurposing feeds neural scanning and data harvest; relates to T0003 (signal injection)" }, "neurorights": { "affected": [ "MP", "MI", "DI" ], "cci": 0.9 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Modified consumer earbuds with biopotential amp demonstrated", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Kaveh et al. 2020", "Debener et al. 
2015" ], "qif_contribution": "threat_recontextualization" }, "technique": "Ear-canal neural eavesdropping via modified consumer earbud (supply chain in-ear EEG)", "tara_alias": "TARA-COG-R-009", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0074", "attack": "Cognitive inference from longitudinal in-ear EEG (personalized cognitive profiling)", "tactic": "QIF-S.HV", "bands": "N3–N7→S2→S3", "band_ids": [ "N3", "N4", "N5", "N6", "N7", "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (QI privacy filter enables data minimization; coherence metric detects unauthorized cognitive profiling)", "sources": [ "Martinovic et al. 2012 (On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces, USENIX Security)", "Landau et al. 2020 (Mind Reading: An Idea Whose Time Has Come?)", "Roy et al. 2019 (Deep learning-based EEG analysis, J Neural Eng)", "Kostas et al. 2021 (BENDR: EEG foundation model, Front Hum Neurosci)", "Chen et al. 2024 (Large-scale EEG pre-training for cognitive state decoding)" ], "status": "EMERGING", "severity": "critical", "ui_category": "EX", "notes": "Given continuous in-ear EEG from QIF-T0073, an ML pipeline trained on the target's neural data over days-to-weeks builds a personalized cognitive profile. Phase 1: baseline extraction (resting alpha power, theta/beta ratio, individual alpha frequency). Phase 2: event-related feature learning (P300 amplitude to stimuli, N400 to semantic content, auditory steady-state responses). Phase 3: longitudinal pattern recognition (attention cycles, emotional valence responses, fatigue signatures, cognitive load indicators). 
Phase 4: adaptive exploitation — the attacker can now predict the target's cognitive state in real-time and optimize content delivery (ads, misinformation, persuasion) to moments of maximal susceptibility (high theta/low beta = low vigilance, elevated P300 = high attention to specific content). This is the cognitive analog of behavioral advertising but operating on neural signals rather than click patterns. Foundation models for EEG (BENDR, LaBraM) make transfer learning from small per-user datasets feasible. The attack chain is: QIF-T0072 (acoustic access) → QIF-T0073 (neural data capture) → QIF-T0074 (cognitive exploitation). Defense: audit logging of cognitive profiling, monitoring of neural data access, and detection of anomalous content personalization.", "legacy_ids": [], "legacy_technique_id": "T2069", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:I/RV:F/NP:T", "score": 4.0, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0041", "QIF-T0073", "QIF-T0036", "T1005", "T1119" ], "secondary_tactics": [ "QIF-D.HV", "QIF-M.SV", "QIF-C.EX" ] }, "tara": { "mechanism": "Machine learning model trained on longitudinal in-ear EEG data to infer cognitive states, build personalized profiles, and enable adaptive neural-targeted content manipulation", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Longitudinal EEG monitoring for neurofeedback and cognitive rehabilitation", "conditions": [ "ADHD neurofeedback training", "depression treatment monitoring (alpha asymmetry tracking)", "cognitive decline early detection (MCI/Alzheimer's)", "personalized learning optimization" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Informed consent for cognitive profiling; purpose limitation to therapeutic goals; data minimization; right to deletion", "sources": [ "Arns et al. 2009 (Biol Psychology, neurofeedback for ADHD)", "Babiloni et al. 
2016 (Neurobiol Aging, EEG biomarkers)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal", "model_output_audit" ], "regulations": [ "HIPAA", "GDPR Art. 9 (biometric data)", "GDPR Art. 22 (automated decision-making)", "EU AI Act (high-risk biometric processing)", "proposed neurorights legislation", "FTC Act Section 5 (unfair practices)" ], "data_classification": "sensitive_neural", "safety_ceiling": "Cognitive profiling requires explicit opt-in consent; model interpretability mandatory; no dark-pattern exploitation of inferred states; right to cognitive liberty" }, "engineering": { "coupling": [ "computational" ], "parameters": { "training_data_hours": "10-100 (personalization threshold)", "features": "spectral_power, ERPs, connectivity, temporal_dynamics", "model_type": "transformer/CNN (fine-tuned from EEG foundation model)", "inference_latency_ms": "<500", "classification_accuracy": "70-90% (state-dependent)" }, "hardware": [ "ML_inference_engine", "EEG_feature_pipeline", "cloud_or_edge_compute", "content_delivery_system" ], "detection": "Cognitive profiling audit logging, neural data access monitoring, model output explainability, anomalous content personalization detection" }, "dsm5": { "primary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F44", "name": "Dissociative Disorders", "confidence": "probable" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F10", "name": "Alcohol-related disorders (F10)", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" }, { "code": "F95", "name": "Tic Disorders", "confidence": "established" }, { "code": "F32", "name": "Major Depressive 
Disorder", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" }, { "code": "F43.10", "name": "PTSD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F50", "name": "Eating Disorders", "confidence": "established" }, { "code": "F52", "name": "Sexual Dysfunctions", "confidence": "probable" }, { "code": "F60", "name": "Personality Disorders", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation", "niss_correlation": "CR:H,CD:H,CV:I → cognitive/psychotic cluster" }, "icd10": { "primary": [ { "code": "G47", "name": "Sleep-Wake Disorders", "confidence": "established" } ], "secondary": [ { "code": "G25.89", "name": "Other specified extrapyramidal and movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "supplemental": "S:P/AU:Y/R:A/V:D", "gap_group": 3, "gap_summary": "Longitudinal cognitive profiling and adaptive neural manipulation — cognitive liberty violation has no CVSS equivalent" }, "feeds_into": { "targets": [ "QIF-T0041", "QIF-C.EX", "QIF-M.SV" ], "note": "Cognitive profiling via consumer sensors feeds cognitive exploitation and model subversion" 
}, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Longitudinal in-ear EEG with ML inference demonstrated", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Martinovic et al. 2012", "Landau et al. 2020" ], "qif_contribution": "framework_mapping" }, "technique": "Cognitive inference from longitudinal in-ear EEG (personalized cognitive profiling)", "tara_alias": "TARA-COG-R-010", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0075", "attack": "Ultrasonic sonar vital sign extraction (inaudible Doppler physiological sensing)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "ACOUSTIC", "access": null, "classical": "Yes", "quantum": "No (purely classical acoustic physics)", "sources": [ "Wang et al. 2019 (UltraSense: contactless vital sign monitoring via ultrasound, ACM MobiSys)", "Nandakumar et al. 2015 (Contactless Sleep Apnea Detection on Smartphones, ACM MobiSys)", "Xu et al. 2019 (Waveear: phone-based ear biometric via ultrasonic, IEEE INFOCOM)", "Ling et al. 
2020 (UltraGesture: fine-grained gesture recognition via ultrasonic)", "Google Pixel Soli/Nest Hub Sleep Sensing (production deployment of radar/ultrasonic vital signs)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "SE", "notes": "A phone or earbud speaker emits an inaudible continuous-wave ultrasonic tone (18-22 kHz, within transducer bandwidth but above human hearing threshold). The built-in microphone captures the reflected signal. Chest wall motion from breathing (amplitude: ~5mm) and heartbeat (amplitude: ~0.1mm) create Doppler shifts in the reflected ultrasound that are demodulable with standard DSP. The technique is: (1) covert — the ultrasonic tone is inaudible to the target, (2) contactless — works from across a room (demonstrated up to 0.5m for heart rate, several meters for respiration), (3) requires NO hardware modification — stock smartphone speakers and microphones are sufficient, and (4) can be deployed as a background process in any app with microphone permission. Google's Nest Hub Sleep Sensing and academic research (UltraSense, Nandakumar et al.) have demonstrated production-quality vital sign extraction via this method. Attack scenario: any app with mic access silently emits ultrasound and extracts heart rate, breathing rate, and movement patterns. 
Combined with QIF-T0079 (ear canal fingerprinting), the attacker gets identity + vitals from the same acoustic pipeline.", "legacy_ids": [], "legacy_technique_id": "T2070", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0076", "QIF-T0078", "QIF-T0079", "T1040", "T1123" ], "secondary_tactics": [ "QIF-N.SC", "QIF-D.HV" ] }, "tara": { "mechanism": "Inaudible ultrasonic continuous-wave emission from consumer speaker with Doppler shift analysis of reflected signal to extract cardiac and respiratory micro-movements", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Contactless vital sign monitoring for sleep studies and elder care", "conditions": [ "sleep apnea detection (FDA-cleared: Google Nest Hub)", "contactless infant breathing monitoring", "elder care fall detection and vital signs", "post-surgical respiration monitoring" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Ultrasonic emission <85 dB SPL at 20cm; within OSHA hearing conservation limits; no tissue heating at consumer power levels", "sources": [ "Nandakumar et al. 2015 (MobiSys, sleep apnea)", "Google 2021 (Nest Hub 2nd gen sleep sensing, FCC/FDA clearance)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "ultrasonic_emission_detection", "microphone_access_audit", "data_encryption_status", "app_permission_review" ], "regulations": [ "HIPAA (if health data derived)", "GDPR Art. 
9 (health data)", "FCC Part 15 (ultrasonic emissions)", "FDA 510(k) (if marketed as health device)" ], "data_classification": "PHI", "safety_ceiling": "Ultrasonic emission power within consumer device limits; informed consent for physiological monitoring; data retention limits" }, "engineering": { "coupling": [ "acoustic" ], "parameters": { "carrier_frequency_kHz": "18-22", "doppler_shift_Hz": "0.01-5 (heartbeat/breathing modulation)", "range_m": "0.1-3 (heart rate), 0.5-8 (respiration)", "SNR_requirement_dB": ">15" }, "hardware": [ "consumer_speaker", "consumer_microphone", "DSP_processor" ], "detection": "Ultrasonic emission spectrum monitoring (18-22 kHz band), microphone permission auditing, unexpected speaker activity during idle, spectral analysis of ambient ultrasound" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Covert physiological data extraction partially captured by CVSS confidentiality; health privacy dimension not fully expressed" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-P.DS" ], "note": "Ultrasonic vital sign extraction feeds physiological data harvest" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; neural dimensions missing" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer speakers and microphones sufficient", "constraint_system_ref": "QIF Derivation Log 
Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Wang et al. 2019", "Nandakumar et al. 2015" ], "qif_contribution": "threat_recontextualization" }, "technique": "Ultrasonic sonar vital sign extraction (inaudible Doppler physiological sensing)", "tara_alias": "TARA-AUT-R-001", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0076", "attack": "Haptic motor body sonar (taptic engine repurposing for tissue impedance profiling)", "tactic": "QIF-S.HV", "bands": "S1→S2", "band_ids": [ "S1", "S2" ], "coupling": "ACOUSTIC", "access": "RESTRICTED", "classical": "Yes", "quantum": "No (classical acoustic impedance measurement)", "sources": [ "Ding et al. 2020 (Body-area acoustic sensing: skin vibration for health monitoring)", "Chen et al. 2021 (EarHealth: in-ear acoustic sensing for health monitoring, ACM IMWUT)", "Yao et al. 2022 (Vibration-based tissue characterization with consumer wearables)", "Apple Taptic Engine patents (linear resonant actuator, broadband excitation capability)" ], "status": "THEORETICAL", "severity": "medium", "ui_category": "SE", "notes": "A phone's haptic actuator (e.g., Apple Taptic Engine, linear resonant actuator) is driven at known frequencies (100 Hz - 5 kHz sweep) while in contact with the body. The built-in accelerometer and/or microphone measures the tissue response: acoustic impedance varies by tissue type (bone, muscle, fat, fluid), depth, and composition. This is a simplified form of acoustic impedance spectroscopy or elastography using consumer hardware. 
The technique requires: (1) physical contact between device and body (phone against skin), (2) firmware-level or jailbreak access to drive the haptic motor at arbitrary frequencies (consumer APIs limit haptic patterns), and (3) raw accelerometer access at high sample rates. Potential extractions: body composition estimation, subcutaneous fluid detection (edema), bone density approximation, tissue stiffness changes. This is significantly lower resolution than clinical ultrasound elastography but could distinguish gross tissue categories. The attack surface is narrow (requires physical contact + firmware access), but wearable devices (Apple Watch, fitness bands) that maintain constant skin contact and contain both haptic motors and accelerometers present an always-on version of this attack.", "legacy_ids": [], "legacy_technique_id": "T2071", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0075", "QIF-T0078", "T1005" ], "secondary_tactics": [ "QIF-N.SC", "QIF-D.HV" ] }, "tara": { "mechanism": "Haptic actuator driven at swept frequencies against body surface; accelerometer measures tissue acoustic impedance response for composition profiling", "dual_use": "probable", "clinical": { "therapeutic_analog": "Acoustic impedance spectroscopy for body composition and edema monitoring", "conditions": [ "body composition assessment (fat/muscle ratio)", "edema detection (heart failure monitoring)", "bone density screening", "wound healing monitoring" ], "fda_status": "none", "evidence_level": "preclinical", "safe_parameters": "Haptic motor output <2G acceleration; frequency sweep within consumer actuator range; no tissue heating", "sources": [ "Ding et al. 2020 (body-area acoustic sensing)", "Chen et al. 
2021 (ACM IMWUT, EarHealth)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "haptic_motor_usage_audit", "accelerometer_access_logging", "firmware_integrity", "data_encryption_status" ], "regulations": [ "HIPAA (if health data derived)", "GDPR Art. 9 (health data)", "IEC 60601-1 (if used as medical device)", "FDA 510(k) (if marketed for body composition)" ], "data_classification": "PHI", "safety_ceiling": "Haptic output within consumer device safety limits; informed consent for body composition data; no sustained high-frequency vibration" }, "engineering": { "coupling": [ "acoustic", "mechanical" ], "parameters": { "frequency_sweep_Hz": "100-5000", "accelerometer_sample_rate_Hz": ">1000", "contact_force_N": "1-5 (phone against skin)", "resolution": "gross tissue type (bone/muscle/fat/fluid)" }, "hardware": [ "linear_resonant_actuator", "accelerometer", "MEMS_microphone", "DSP_processor" ], "detection": "Unexpected haptic motor activation patterns, accelerometer access during non-UI haptic events, firmware integrity verification" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:N/R:A/V:D", "gap_group": 2, "gap_summary": "Body composition extraction via consumer hardware partially captured by CVSS; health data sensitivity not fully expressed" }, "feeds_into": { "targets": [ "QIF-D.HV" ], "note": "Haptic body sonar feeds physiological data harvest" }, "neurorights": { "affected": [ "MP" ], "cci": 0.2 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.7, "gaps": [ "CVSS partially captures risk; 
neural dimensions missing", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Taptic engine and MEMS sensors in current devices", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Ding et al. 2020", "Chen et al. 2021" ], "qif_contribution": "threat_recontextualization" }, "technique": "Haptic motor body sonar (taptic engine repurposing for tissue impedance profiling)", "tara_alias": "TARA-SOM-R-001", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0077", "attack": "IR vascular mapping via Face ID system (NIR hemoglobin absorption imaging)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "OPTICAL", "access": "RESTRICTED", "classical": "Yes", "quantum": "No (classical near-infrared spectroscopy)", "sources": [ "Apple TrueDepth Camera System (Face ID, 30,000 IR dots at 940nm)", "Crouzet et al. 2016 (Cerebrovascular mapping using NIR, NeuroImage)", "Gupta et al. 2020 (Vein pattern recognition biometrics, IEEE Access)", "Krishnaswamy & Baranoski 2004 (Bio-physically based rendering of human skin)", "Hardeberg & Farup 2004 (NIR skin penetration depth models)" ], "status": "EMERGING", "severity": "high", "ui_category": "SE", "notes": "Apple's Face ID TrueDepth system projects 30,000 infrared dots at 940nm onto the user's face and reads the reflection pattern with an IR camera. At 940nm, photons penetrate skin to a depth of 2-5mm — well into the dermal vascular layer. 
Oxygenated hemoglobin (HbO2) and deoxygenated hemoglobin (Hb) have different absorption coefficients at 940nm, meaning the reflected dot pattern encodes subsurface vascular topology: arterial vs venous vessels, vessel diameter, branching patterns, and oxygenation gradients. This vascular map is a permanent biometric (unlike facial features, which change with age/surgery/expression) and is unique per individual (even identical twins have different vascular topology). In the attack scenario, a jailbroken iPhone or compromised Face ID firmware extracts raw IR reflection data (normally processed in the Secure Enclave and discarded) during routine phone unlock. The target never knows their vascular biometric has been captured. Every phone unlock becomes a silent biometric scan. This is analogous to fingerprinting (unreplaceable biometric) but captured at range and without the target's awareness. Combined with QIF-T0078 (pulse waveform), the same IR system yields both vascular structure and cardiac dynamics.", "legacy_ids": [], "legacy_technique_id": "T2072", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0032", "QIF-T0078", "QIF-T0036", "T1040", "T1556" ], "secondary_tactics": [ "QIF-N.SC", "QIF-B.IN", "QIF-D.HV" ] }, "tara": { "mechanism": "Face ID IR dot projector (940nm) captures subsurface vascular topology via differential hemoglobin absorption; raw IR data extracted from compromised Secure Enclave pipeline", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Near-infrared spectroscopy (NIRS) for cerebral and peripheral vascular imaging", "conditions": [ "peripheral artery disease screening", "diabetic vascular assessment", "tissue oxygenation monitoring (wound care)", "cerebral hemodynamics (fNIRS)" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "940nm NIR at Face ID power levels (<1 mW/cm²); IEC 62471 
photobiological safety; no thermal risk at consumer power", "sources": [ "Crouzet et al. 2016 (NeuroImage, cerebrovascular NIR)", "Gupta et al. 2020 (IEEE Access, vein pattern biometrics)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "secure_enclave_integrity", "IR_sensor_access_audit", "biometric_data_handling", "firmware_integrity" ], "regulations": [ "GDPR Art. 9 (biometric data)", "Illinois BIPA (biometric data capture without consent)", "CCPA (biometric identifiers)", "IEC 62471 (photobiological safety)", "proposed neurorights legislation" ], "data_classification": "PII", "safety_ceiling": "IR exposure within IEC 62471 exempt group; biometric data processed in Secure Enclave; raw IR data never leaves hardware security module" }, "engineering": { "coupling": [ "optical" ], "parameters": { "wavelength_nm": 940, "dot_count": 30000, "skin_penetration_mm": "2-5", "frame_rate_Hz": 30, "power_mW_cm2": "<1" }, "hardware": [ "VCSEL_dot_projector", "IR_camera", "secure_enclave", "depth_processor" ], "detection": "Secure Enclave attestation, IR sensor access logging, unexpected TrueDepth API usage, jailbreak detection" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:N/R:U/V:C", "gap_group": 2, "gap_summary": "Permanent vascular biometric extraction partially captured by CVSS; unreplaceable biometric loss (like neural biometric) not fully expressible" }, "feeds_into": { "targets": [ "QIF-T0032", "QIF-D.HV", "QIF-B.IN" ], "note": "IR vascular mapping feeds biometric identity + data harvest + intrusion targeting" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": 
true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Face ID NIR hardware in current iPhones", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Crouzet et al. 2016", "Gupta et al. 2020" ], "qif_contribution": "threat_recontextualization" }, "technique": "IR vascular mapping via Face ID system (NIR hemoglobin absorption imaging)", "tara_alias": "TARA-AUT-R-002", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0078", "attack": "LiDAR remote pulse detection (laser Doppler vibrometry for cardiac waveform extraction)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "OPTICAL", "access": "RESTRICTED", "classical": "Yes", "quantum": "No (classical Doppler vibrometry)", "sources": [ "Apple iPhone LiDAR Scanner (dToF, 940nm VCSEL array, introduced iPhone 12 Pro)", "Bernal et al. 2018 (Non-contact physiological monitoring using laser Doppler vibrometry)", "Antognoli et al. 2020 (Contactless heart rate measurement via laser Doppler vibrometry, Sensors)", "Sun et al. 2022 (Smartphone LiDAR for physiological sensing, IEEE Sensors J)", "Rothberg et al. 
2017 (Comprehensive review of laser Doppler vibrometry, Opt Lasers Eng)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "SE", "notes": "The iPhone LiDAR scanner uses a VCSEL (vertical-cavity surface-emitting laser) array emitting pulsed 940nm infrared laser light and a SPAD (single-photon avalanche diode) detector array measuring time-of-flight. In normal operation, it measures depth for AR applications. However, the same hardware can function as a simplified laser Doppler vibrometer (LDV): when the laser beam reflects off skin, the pulse wave from cardiac activity causes micro-vibrations (amplitude ~1-10 µm) on the skin surface. These vibrations create measurable Doppler shifts or time-of-flight variations in the reflected laser signal. Extracting the cardiac pulse waveform from LiDAR data requires raw access to the SPAD photodetector output (timing resolution in picoseconds) rather than the processed depth map. This requires either a jailbreak, hardware teardown, or compromised firmware. The extracted pulse waveform contains: heart rate, heart rate variability (HRV), pulse transit time (correlated with blood pressure), and potentially cardiac arrhythmia signatures. Unlike QIF-T0075 (ultrasonic sonar), this is optical and directional, requiring line-of-sight but working at greater precision for skin-surface vibrations. 
Range is limited to ~5m (LiDAR operational range) but could be extended with higher-power laser sources.", "legacy_ids": [], "legacy_technique_id": "T2073", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0075", "QIF-T0077", "T1040", "T1005" ], "secondary_tactics": [ "QIF-N.SC", "QIF-D.HV" ] }, "tara": { "mechanism": "iPhone VCSEL LiDAR array measures skin surface micro-vibrations via Doppler shift in reflected 940nm laser; pulse waveform extracted from raw SPAD photodetector timing data", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Laser Doppler vibrometry for contactless cardiac monitoring", "conditions": [ "contactless vital sign monitoring in burn units", "neonatal heart rate monitoring (no adhesive sensors)", "remote triage in mass casualty events", "sleep lab cardiac monitoring" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "940nm laser at Class 1 eye-safe power levels (IEC 60825-1); <1 mW accessible emission; no tissue heating", "sources": [ "Bernal et al. 2018 (Laser Doppler vibrometry for physiology)", "Antognoli et al. 2020 (Sensors, LDV heart rate)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "LiDAR_sensor_access_audit", "raw_SPAD_data_access", "firmware_integrity", "data_encryption_status" ], "regulations": [ "HIPAA (if health data derived)", "GDPR Art. 
9 (health data)", "IEC 60825-1 (laser safety Class 1)", "FDA 510(k) (if marketed for cardiac monitoring)" ], "data_classification": "PHI", "safety_ceiling": "Laser emission within IEC 60825-1 Class 1 limits; raw SPAD data access requires hardware security module bypass; informed consent for physiological data extraction" }, "engineering": { "coupling": [ "optical" ], "parameters": { "wavelength_nm": 940, "detector_type": "SPAD (single-photon avalanche diode)", "timing_resolution_ps": "<100", "skin_vibration_amplitude_um": "1-10", "operational_range_m": "0.5-5", "laser_class": "1 (eye-safe)" }, "hardware": [ "VCSEL_array", "SPAD_detector_array", "time_correlator", "DSP_processor" ], "detection": "LiDAR sensor access logging, unexpected dToF measurements directed at people, raw SPAD data access monitoring, jailbreak detection" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:N/R:A/V:D", "gap_group": 2, "gap_summary": "Contactless cardiac waveform extraction partially captured by CVSS confidentiality; physiological privacy dimension not fully expressed" }, "feeds_into": { "targets": [ "QIF-D.HV" ], "note": "LiDAR pulse detection feeds physiological data harvest" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "LiDAR in 
current iPhones and iPads", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Bernal et al. 2018", "Antognoli et al. 2020" ], "qif_contribution": "threat_recontextualization" }, "technique": "LiDAR remote pulse detection (laser Doppler vibrometry for cardiac waveform extraction)", "tara_alias": "TARA-AUT-R-003", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0079", "attack": "Ear canal acoustic fingerprinting (ANC echo profiling for covert identification)", "tactic": "QIF-S.FP", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "ACOUSTIC", "access": null, "classical": "Yes", "quantum": "No (classical acoustic resonance measurement)", "sources": [ "NEC Corporation 2016 (Ear acoustic authentication technology)", "Gao et al. 2019 (EarEcho: Continuous ear canal authentication, ACM IMWUT)", "Fan et al. 2021 (HeadFi: continuous earphone authentication using ear biometrics, ACM SenSys)", "Apple AirPods Pro ANC system (feedforward + feedback microphones, adaptive transparency)", "Akkermans et al. 2005 (Acoustic ear recognition, IEEE ICB)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "CI", "notes": "Active noise cancellation (ANC) earbuds already contain the complete hardware for ear canal acoustic fingerprinting: an inward-facing (feedback) microphone that measures sound inside the ear canal, an outward-facing (feedforward) microphone, and a speaker that can emit probe tones. When the speaker emits a broadband chirp or swept sine, the inward-facing microphone captures the echo profile shaped by the ear canal's unique geometry: length (~25mm), diameter (~7mm), tympanic membrane compliance, and the specific curvature of the bends. 
This acoustic transfer function is a biometric — NEC demonstrated it for authentication with >99% accuracy. In the attack scenario, the ANC system's existing probe tones (used for adaptive fit detection and transparency mode calibration) are leveraged to silently fingerprint the wearer without their knowledge. The earbuds know WHO is wearing them at all times. Combined with audioplethysmography (APG, via in-ear speaker/mic measuring blood volume changes), the same hardware simultaneously provides identity + heart rate: a silent surveillance pipeline requiring zero hardware modification on ANC earbuds. Attack surface: firmware update, compromised ANC calibration routine, or malicious SDK in earbud companion app.", "legacy_ids": [], "legacy_technique_id": "T2074", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0032", "QIF-T0036", "QIF-T0073", "QIF-T0075", "T1040", "T1556" ], "secondary_tactics": [ "QIF-D.HV", "QIF-B.IN", "QIF-N.SC" ] }, "tara": { "mechanism": "ANC earbud speaker emits probe tone; feedback microphone captures ear canal echo profile shaped by unique anatomical geometry; acoustic transfer function serves as biometric identifier", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Ear canal acoustic authentication for medical device access control", "conditions": [ "hearing aid personalization (acoustic fit verification)", "continuous authentication for hearing-assistive BCIs", "otoacoustic emission screening (newborn hearing tests)", "middle ear health monitoring (tympanometry equivalent)" ], "fda_status": "none", "evidence_level": "cohort", "safe_parameters": "Probe tones within ANC operational range (20 Hz - 10 kHz); SPL within hearing safety limits (<85 dB); brief duration (<100ms per probe)", "sources": [ "NEC Corporation 2016 (ear acoustic authentication)", "Gao et al. 
2019 (ACM IMWUT, EarEcho)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "ANC_probe_tone_audit", "biometric_data_handling", "firmware_integrity", "companion_app_permissions" ], "regulations": [ "GDPR Art. 9 (biometric data)", "Illinois BIPA (biometric collection without consent)", "CCPA (biometric identifiers)", "EU AI Act (biometric identification systems)" ], "data_classification": "PII", "safety_ceiling": "Acoustic probe within hearing safety limits; biometric data processed locally (not transmitted); explicit consent for identification use; ear canal biometric treated as irrevocable" }, "engineering": { "coupling": [ "acoustic" ], "parameters": { "probe_type": "broadband chirp or swept sine", "frequency_range_Hz": "200-8000", "probe_duration_ms": "10-100", "identification_accuracy_pct": ">99 (NEC demonstration)", "canal_length_mm": "~25", "canal_diameter_mm": "~7" }, "hardware": [ "ANC_speaker", "feedback_microphone", "feedforward_microphone", "DSP_processor" ], "detection": "ANC probe tone frequency/timing audit, unexpected acoustic measurements outside ANC calibration cycle, biometric data transmission monitoring, firmware integrity verification" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Covert biometric identification via consumer earbud partially captured by CVSS; irrevocable biometric capture dimension not fully expressed" }, "feeds_into": { "targets": [ "QIF-T0032", "QIF-T0036", "QIF-B.IN" ], "note": "Ear canal fingerprinting feeds biometric identity + targeted BCI intrusion" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": 
true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "ANC earbuds with feedback microphones widely deployed", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "NEC 2016", "Gao et al. 2019" ], "qif_contribution": "threat_recontextualization" }, "technique": "Ear canal acoustic fingerprinting (ANC echo profiling for covert identification)", "tara_alias": "TARA-IDN-R-003", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0080", "attack": "Gyroscope acoustic eavesdropping (MEMS speech capture via resonant frequency aliasing)", "tactic": "QIF-S.RP", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "No (purely classical MEMS resonance exploit)", "sources": [ "Michalevsky et al. 2014 (Gyrophone: Recognizing Speech from Gyroscope Signals, USENIX Security)", "Zhang et al. 2017 (AccelWord: Energy-efficient voice command recognition via accelerometer)", "Anand & Saxena 2018 (Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors, IEEE S&P)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "SE", "notes": "MEMS gyroscopes in smartphones sample at 100-200 Hz, with mechanical resonant frequencies in the audible speech range (100-8000 Hz). 
When sound waves strike the MEMS proof mass, they induce vibrations that alias into the gyroscope output. Michalevsky et al. (2014) demonstrated that gyroscope data alone can reconstruct intelligible speech features, identify speakers, and detect spoken digits — all without microphone permission. Android allowed gyroscope access without any permission until API level 33. This creates a covert audio surveillance channel through an 'inertial' sensor that apps access freely. Combined with accelerometer data (T0081), reconstruction quality improves significantly. The attack requires no hardware modification — only a software app with motion sensor access.", "legacy_ids": [], "legacy_technique_id": "T2075", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0072", "QIF-T0081", "QIF-T0083", "T1123" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "MEMS gyroscope mechanical resonance captures airborne acoustic vibrations; speech features reconstructed via signal processing of motion sensor output", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "motion_sensor_access_audit", "gyroscope_sampling_rate_monitoring", "app_permission_review" ], "regulations": [ "ECPA (18 U.S.C. § 2511)", "GDPR Art. 
5", "Android sensor permission policy" ], "data_classification": "PII", "safety_ceiling": "Motion sensor access should require explicit permission; sampling rate capped below speech-relevant frequencies when audio permission not granted" }, "engineering": { "coupling": [ "acoustic", "mechanical" ], "parameters": { "gyroscope_sample_rate_Hz": "100-200", "resonant_frequency_Hz": "100-8000 (MEMS-dependent)", "speech_reconstruction_accuracy": "~65% digit recognition", "SNR_requirement_dB": ">10" }, "hardware": [ "MEMS_gyroscope", "DSP_processor" ], "detection": "Gyroscope access frequency monitoring, anomalous continuous sampling patterns, app behavior analysis for motion-to-audio correlation" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 1, "gap_summary": "Covert eavesdropping via motion sensor; CVSS confidentiality metrics apply but permission-bypass dimension not captured" }, "feeds_into": { "targets": [ "QIF-D.HV" ], "note": "Gyroscope audio capture feeds ambient data harvest" }, "neurorights": { "affected": [ "MP" ], "cci": 0.12 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "MEMS gyroscopes in all smartphones", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": 
"qif_recontextualized", "original_authors": [ "Michalevsky et al. 2014" ], "qif_contribution": "threat_recontextualization" }, "technique": "Gyroscope acoustic eavesdropping (MEMS speech capture via resonant frequency aliasing)", "tara_alias": "TARA-AUD-R-001", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0081", "attack": "Accelerometer speech reconstruction (vibration-to-audio via surface-coupled MEMS)", "tactic": "QIF-S.RP", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "No (classical vibration analysis)", "sources": [ "Zhang et al. 2019 (AccelEve: Eavesdropping via Accelerometers on Smartphones, IEEE S&P Workshop)", "Ba et al. 2020 (Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer, NDSS)", "Han et al. 2012 (ACComplice: accelerometer side channel, ACM CCS)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "SE", "notes": "Modern smartphone accelerometers (ADXL345, BMI270) have sufficient sensitivity to capture speech vibrations transmitted through surfaces. When a phone lies on a table during a conversation, or is held against the ear during a call, speech vibrations propagate through the phone chassis to the MEMS accelerometer. Ba et al. (2020) used deep learning to reconstruct intelligible speech from accelerometer data alone, achieving speaker identification and keyword recognition. Unlike the gyroscope attack (T0080), accelerometers benefit from direct surface coupling — speech vibrations transmitted through desks, tables, or the user's hand provide stronger signal. Like T0080, accelerometer access required no permission on Android until recent API changes. 
The combination of gyroscope + accelerometer data (sensor fusion) significantly improves reconstruction quality over either sensor alone.", "legacy_ids": [], "legacy_technique_id": "T2076", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0072", "QIF-T0080", "QIF-T0083", "QIF-T0087", "T1123" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "MEMS accelerometer captures speech vibrations transmitted through surfaces or phone chassis; deep learning reconstructs intelligible audio from motion sensor data", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "accelerometer_access_audit", "sensor_sampling_rate_monitoring", "app_permission_review" ], "regulations": [ "ECPA (18 U.S.C. § 2511)", "GDPR Art. 5", "Android sensor permission policy" ], "data_classification": "PII", "safety_ceiling": "Accelerometer access should require permission when sampling above speech-relevant thresholds; surface coupling mitigated by isolation mounts" }, "engineering": { "coupling": [ "acoustic", "mechanical" ], "parameters": { "accelerometer_sample_rate_Hz": "100-500", "sensitivity_mg": "0.1-1.0", "speech_reconstruction_WER": "~30-50% (deep learning)", "surface_coupling_gain_dB": "+10-20 vs airborne" }, "hardware": [ "MEMS_accelerometer", "ML_inference_engine" ], "detection": "Accelerometer access pattern monitoring, anomalous continuous high-rate sampling, correlation with ambient audio events" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 1, "gap_summary": 
"Eavesdropping via accelerometer; standard confidentiality metrics apply" }, "feeds_into": { "targets": [ "QIF-D.HV" ], "note": "Accelerometer speech capture feeds ambient data harvest" }, "neurorights": { "affected": [ "MP" ], "cci": 0.12 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "MEMS accelerometers in all smartphones", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Zhang et al. 2019", "Ba et al. 2020" ], "qif_contribution": "threat_recontextualization" }, "technique": "Accelerometer speech reconstruction (vibration-to-audio via surface-coupled MEMS)", "tara_alias": "TARA-AUD-R-002", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0082", "attack": "Ultrasonic cross-device tracking (inaudible beacon correlation for user identification)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "ACOUSTIC", "access": null, "classical": "Yes", "quantum": "No (classical acoustic signaling)", "sources": [ "Mavroudis et al. 2017 (On the Privacy and Security of the Ultrasound Ecosystem, PoPETS)", "Arp et al. 
2017 (Privacy Threats through Ultrasonic Side Channels on Mobile Devices, IEEE EuroS&P)", "SilverPush SDK, Lisnr (commercial ultrasonic tracking)" ], "status": "CONFIRMED", "severity": "high", "ui_category": "CI", "notes": "Advertisers and tracking firms embed inaudible ultrasonic beacons (18-22 kHz) in TV commercials, web ads, and in-store audio. Any device with microphone access (phone, tablet, smart speaker) within acoustic range can detect these beacons and report them to a tracking server. This enables cross-device user identification (linking phone, laptop, TV viewing), physical location tracking (in-store beacons), and de-anonymization of Tor/VPN users (TV ad beacons correlate with browsing sessions). The SilverPush SDK was found embedded in 234 Android apps (2017). The beacons are inaudible to humans but easily detected by consumer microphones. Combined with QIF-T0075 (ultrasonic sonar), the same frequency band serves both tracking and physiological surveillance. This technique requires no hardware modification — only software with microphone permission.", "legacy_ids": [], "legacy_technique_id": "T2077", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0075", "QIF-T0079", "T1040", "T1071" ], "secondary_tactics": [ "QIF-D.HV", "QIF-N.SC" ] }, "tara": { "mechanism": "Inaudible ultrasonic beacons (18-22 kHz) embedded in audio content detected by consumer device microphones for cross-device user tracking and location correlation", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "ultrasonic_spectrum_analysis", "microphone_access_audit", "network_beacon_correlation" ], "regulations": [ "GDPR Art. 
5 (transparency)", "FTC Act Section 5", "ePrivacy Directive" ], "data_classification": "PII", "safety_ceiling": "Ultrasonic beacon detection should be disclosed; microphone access for tracking requires explicit consent; frequency filtering above 18 kHz by default" }, "engineering": { "coupling": [ "acoustic" ], "parameters": { "beacon_frequency_kHz": "18-22", "beacon_duration_ms": "50-500", "detection_range_m": "1-10", "encoding": "frequency-shift or amplitude modulation" }, "hardware": [ "consumer_speaker", "consumer_microphone", "DSP_processor" ], "detection": "Ultrasonic spectrum monitoring (18-22 kHz), microphone access auditing, network traffic analysis for beacon reporting endpoints" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 1, "gap_summary": "Cross-device tracking via ultrasonic beacons; CVSS confidentiality metrics partially capture privacy loss" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC" ], "note": "Ultrasonic tracking feeds identity correlation and reconnaissance" }, "neurorights": { "affected": [ "MP" ], "cci": 0.12 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer speakers and microphones sufficient", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": 
{ "category": "qif_recontextualized", "original_authors": [ "Mavroudis et al. 2017", "Arp et al. 2017" ], "qif_contribution": "threat_recontextualization" }, "technique": "Ultrasonic cross-device tracking (inaudible beacon correlation for user identification)", "tara_alias": "TARA-SIL-R-008", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0083", "attack": "Acoustic keystroke inference (typing sound classification for credential extraction)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "ACOUSTIC", "access": null, "classical": "Yes", "quantum": "No (classical acoustic pattern recognition)", "sources": [ "Harrison & Matyunin 2023 (A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards, IEEE European Symposium on Security and Privacy Workshops)", "Zhuang et al. 2009 (Keyboard Acoustic Emanations Revisited, ACM TISSEC)", "Compagno et al. 2017 (Don't Skype & Type! Acoustic Eavesdropping in Voice-Over-IP, ACM CCS)" ], "status": "CONFIRMED", "severity": "high", "ui_category": "CI", "notes": "Each key on a keyboard produces a subtly different acoustic signature based on its position, the mechanical structure beneath it, and the user's typing dynamics. Harrison & Matyunin (2023) achieved 95% keystroke classification accuracy using a deep learning model trained on laptop keyboard audio captured by a nearby phone. The attack works over Zoom/Skype calls (Compagno et al. 2017), enabling remote credential theft during video conferences. Attack scenarios: (1) malicious app with microphone access on the same desk, (2) nearby compromised smart speaker, (3) during a video call where keyboard sounds leak through the microphone. 
This technique pairs with accelerometer keystroke inference (T0087) for multi-modal confirmation, significantly reducing error rates.", "legacy_ids": [], "legacy_technique_id": "T2078", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0080", "QIF-T0081", "QIF-T0087", "T1056.001" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Deep learning classification of keyboard acoustic emanations to reconstruct typed text including credentials and sensitive content", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "microphone_access_audit", "audio_classification_detection", "VoIP_audio_filtering" ], "regulations": [ "ECPA (18 U.S.C. § 2511)", "GDPR Art. 5", "CFAA (credential theft)" ], "data_classification": "PII", "safety_ceiling": "Microphone access disclosure; VoIP clients should filter keyboard frequency bands; keystroke sounds should be suppressed in conferencing software" }, "engineering": { "coupling": [ "acoustic" ], "parameters": { "classification_accuracy_pct": ">95 (nearby phone), ~60 (VoIP)", "frequency_range_Hz": "1000-16000", "model_type": "CNN/transformer on mel spectrograms", "training_data": "~25 keystrokes per key" }, "hardware": [ "consumer_microphone", "ML_inference_engine" ], "detection": "Audio stream analysis for keystroke patterns, VoIP audio filtering, acoustic noise injection for keystroke masking" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 1, "gap_summary": "Credential theft via acoustic side channel; CVSS confidentiality 
applies well" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-B.IN" ], "note": "Keystroke inference feeds credential harvest and potential system intrusion" }, "neurorights": { "affected": [ "MP" ], "cci": 0.12 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer microphones sufficient", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Harrison & Matyunin 2023", "Zhuang et al. 2009" ], "qif_contribution": "threat_recontextualization" }, "technique": "Acoustic keystroke inference (typing sound classification for credential extraction)", "tara_alias": "TARA-SIL-R-009", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0084", "attack": "Remote photoplethysmography (camera-based pulse and blood oxygen extraction)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "OPTICAL", "access": null, "classical": "Yes", "quantum": "No (classical optical measurement)", "sources": [ "Verkruysse et al. 2008 (Remote plethysmographic imaging using ambient light, Optics Express)", "Poh et al. 
2011 (Advancements in Noncontact, Multiparameter Physiological Measurements Using a Webcam, IEEE Trans Biomed Eng)", "Chen & McDuff 2018 (DeepPhys: Video-Based Physiological Measurement Using Convolutional Attention Networks, ECCV)", "Liu et al. 2023 (EfficientPhys: enabling simple, fast and accurate camera-based vitals measurement)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "SE", "notes": "Standard RGB webcams and phone cameras can detect the subtle skin color changes caused by blood volume pulses beneath the skin surface. Each heartbeat modulates hemoglobin concentration in facial capillaries, creating sub-pixel intensity variations in the green channel (540nm peak absorption of hemoglobin). Modern deep learning models (DeepPhys, EfficientPhys) extract heart rate, heart rate variability, breathing rate, and blood oxygen saturation from webcam video with near-clinical accuracy — even through video compression artifacts on Zoom/Teams calls. Attack scenario: any app with camera access (video call, face filter, AR app) silently extracts physiological data. The user consents to video, not to vital sign monitoring. 
This technique has been demonstrated at distances up to 3m with consumer cameras and works under variable ambient lighting conditions.", "legacy_ids": [], "legacy_technique_id": "T2079", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0075", "QIF-T0077", "QIF-T0093", "T1040" ], "secondary_tactics": [ "QIF-D.HV", "QIF-N.SC" ] }, "tara": { "mechanism": "RGB camera captures sub-pixel skin color variations from cardiac blood volume pulses; deep learning extracts heart rate, HRV, respiratory rate, and SpO2 from video", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Contactless vital sign monitoring for telemedicine and patient screening", "conditions": [ "remote patient monitoring (telemedicine vitals)", "neonatal heart rate monitoring (non-contact)", "mental health stress screening (HRV analysis)", "pain assessment (autonomic response detection)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Standard RGB camera at ambient light; no active illumination required; operates within normal video call conditions", "sources": [ "Poh et al. 2011 (IEEE Trans Biomed Eng, webcam vitals)", "Chen & McDuff 2018 (ECCV, DeepPhys)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "camera_access_audit", "video_processing_pipeline_audit", "physiological_data_extraction_detection" ], "regulations": [ "HIPAA (if health data derived)", "GDPR Art. 
9 (health data)", "FTC Act Section 5", "EU AI Act (biometric processing)" ], "data_classification": "PHI", "safety_ceiling": "Camera-based vital sign extraction requires explicit consent beyond video permission; data minimization for physiological features" }, "engineering": { "coupling": [ "optical" ], "parameters": { "camera_resolution": "640x480 minimum", "frame_rate_fps": ">15", "heart_rate_accuracy_bpm": "±2-5", "SpO2_accuracy_pct": "±2-3", "working_distance_m": "0.3-3" }, "hardware": [ "RGB_camera", "ML_inference_engine" ], "detection": "Camera access auditing, video processing pipeline monitoring, detection of physiological feature extraction in video frames" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Covert physiological extraction from video partially captured by CVSS; health privacy dimension not fully expressed" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC" ], "note": "Camera-based PPG feeds physiological data harvest and identity profiling" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "RGB cameras in all smartphones", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": 
"qif_recontextualized", "original_authors": [ "Verkruysse et al. 2008", "Poh et al. 2011" ], "qif_contribution": "threat_recontextualization" }, "technique": "Remote photoplethysmography (camera-based pulse and blood oxygen extraction)", "tara_alias": "TARA-AUT-R-004", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0085", "attack": "Eye tracking cognitive state inference (gaze pattern analysis for attention and intent profiling)", "tactic": "QIF-S.HV", "bands": "S1→S2→N3→N7", "band_ids": [ "S1", "S2", "N3", "N7" ], "coupling": "OPTICAL", "access": null, "classical": "Yes", "quantum": "Enhanced (QI coherence metric detects unauthorized cognitive profiling if deployed)", "sources": [ "Katsini et al. 2020 (The Role of Eye Gaze in Security and Privacy Applications, ACM Computing Surveys)", "Sluganovic et al. 2018 (Using Reflexive Eye Movements for Fast Challenge-Response Authentication, USENIX Security)", "Apple Vision Pro eye tracking (visionOS gaze-based interaction)", "Meta Quest Pro eye tracking (Meta Presence Platform)", "Liebling & Preibusch 2014 (Privacy of Web Search via Eye Tracking, PoPETS)" ], "status": "DEMONSTRATED", "severity": "critical", "ui_category": "EX", "notes": "Eye tracking hardware is now standard in AR/VR headsets (Apple Vision Pro, Meta Quest Pro, PSVR2) and available as peripherals for laptops (Tobii). Gaze patterns reveal far more than where someone looks: pupil dilation indicates cognitive load and arousal, saccade patterns reveal reading comprehension and attention, fixation duration maps interest and engagement, and smooth pursuit movements indicate prediction and anticipation. 
Research has demonstrated extraction of: sexual orientation, political affiliation, cognitive disorders (ADHD, dyslexia, autism), emotional state, deception, and even personality traits from eye tracking data alone. In VR/AR headsets, eye tracking runs continuously for foveated rendering (a legitimate performance optimization), creating an always-on cognitive surveillance channel. The user consents to eye tracking for UI interaction, not for cognitive profiling. This is the closest consumer-sensor analog to neural eavesdropping without any BCI hardware.", "legacy_ids": [], "legacy_technique_id": "T2080", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:I/RV:F/NP:N", "score": 3.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0074", "QIF-T0041", "QIF-T0036", "T1005" ], "secondary_tactics": [ "QIF-C.EX", "QIF-D.HV", "QIF-M.SV" ] }, "tara": { "mechanism": "Eye tracking hardware in AR/VR headsets captures gaze patterns, pupil dilation, saccades, and fixations; ML models infer cognitive states, personality traits, and intent", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Eye tracking for neurological assessment and cognitive rehabilitation", "conditions": [ "ADHD diagnosis (saccade pattern analysis)", "autism spectrum screening (gaze pattern biomarkers)", "traumatic brain injury assessment", "Alzheimer's early detection (reading pattern changes)" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "IR illumination within IEC 62471 limits; gaze data processed locally; cognitive inferences require explicit consent", "sources": [ "Katsini et al. 2020 (ACM Computing Surveys, eye gaze in security)", "Sluganovic et al. 2018 (USENIX Security, reflexive eye movements)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "eye_tracking_data_access_audit", "cognitive_inference_pipeline_audit", "data_retention_limits", "purpose_limitation_enforcement" ], "regulations": [ "GDPR Art. 
9 (biometric data)", "GDPR Art. 22 (automated decision-making)", "EU AI Act (high-risk biometric)", "Illinois BIPA", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Eye tracking cognitive inference requires explicit opt-in beyond foveated rendering consent; purpose limitation mandatory; right to cognitive liberty" }, "engineering": { "coupling": [ "optical" ], "parameters": { "sampling_rate_Hz": "60-120", "accuracy_degrees": "0.5-1.0", "pupil_dilation_resolution_mm": "0.01", "cognitive_state_inference_latency_ms": "<500" }, "hardware": [ "IR_LED_illuminator", "eye_tracking_camera", "ML_inference_engine", "AR_VR_headset" ], "detection": "Eye tracking data access audit logging, cognitive inference model detection, anomalous data retention patterns, purpose limitation enforcement" }, "dsm5": { "primary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "established" }, { "code": "F84", "name": "Pervasive developmental disorders", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "probable" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": 
"established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function; N3 (cerebellar cortex/deep cerebellar nuclei) → motor coordination", "niss_correlation": "CR:H,CD:H,CV:I → cognitive/psychotic cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "supplemental": "S:P/AU:Y/R:A/V:D", "gap_group": 3, "gap_summary": "Cognitive state inference from eye tracking — mental privacy violation not expressible in CVSS; closest consumer analog to neural eavesdropping" }, "feeds_into": { "targets": [ "QIF-C.EX", "QIF-D.HV", "QIF-M.SV" ], "note": "Eye tracking cognitive profiling feeds cognitive exploitation and model training" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Eye tracking in Vision Pro, Quest, consumer webcams", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Katsini et al. 2020", "Sluganovic et al. 
2018" ], "qif_contribution": "threat_recontextualization" }, "technique": "Eye tracking cognitive state inference (gaze pattern analysis for attention and intent profiling)", "tara_alias": "TARA-VIS-R-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0086", "attack": "Ambient light sensor side-channel exfiltration (screen content inference via reflected light)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "OPTICAL", "access": null, "classical": "Yes", "quantum": "No (classical optical side channel)", "sources": [ "Zhang & Lian 2024 (Eavesdropping on Controller Area Network via Ambient Light Sensor, ACM CCS)", "Spreitzer et al. 2018 (Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices, IEEE Communications Surveys)", "Mosenia et al. 2017 (PinMe: Tracking a Smartphone User around the World, IEEE Trans Multi-Scale Computing Systems)" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "SE", "notes": "Ambient light sensors (ALS) in smartphones and tablets are low-resolution photometers (typically 16-bit, 10-100 Hz) that measure environmental illumination for auto-brightness. Since the ALS is near the display, it also captures light reflected back from the display itself and from nearby surfaces illuminated by the display. This creates a side channel: the ALS output correlates with screen content. While the ALS cannot reconstruct a full image, it can distinguish between dark and light screens, detect page scrolling patterns, identify video content by temporal light signatures, and in some cases infer text content via character-level luminance patterns. Crucially, ALS access requires no permission on most mobile platforms — it's treated as a low-risk environmental sensor. 
This makes it an unrestricted exfiltration channel for screen activity patterns.", "legacy_ids": [], "legacy_technique_id": "T2081", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:P/RV:F/NP:N", "score": 0.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0084", "T1005", "T1040" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Ambient light sensor captures display-reflected light variations to infer screen content, scrolling patterns, and user activity without requiring camera or screen capture permissions", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "ALS_access_frequency_audit", "sensor_data_exfiltration_detection" ], "regulations": [ "GDPR Art. 5", "ECPA", "ePrivacy Directive" ], "data_classification": "PII", "safety_ceiling": "ALS sampling rate should be limited when screen content could be inferred; permission model should gate high-frequency ALS access" }, "engineering": { "coupling": [ "optical" ], "parameters": { "ALS_resolution_bits": "16", "sampling_rate_Hz": "10-100", "content_inference_accuracy": "Activity classification (~80%), text inference (limited)", "requires_permission": "No (most platforms)" }, "hardware": [ "ambient_light_sensor", "DSP_processor" ], "detection": "ALS access frequency monitoring, correlation analysis between ALS data and known screen content patterns" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "supplemental": "S:N/AU:N/R:A/V:D", "gap_group": 1, "gap_summary": "Low-bandwidth side channel; CVSS confidentiality captures the data loss adequately" }, "feeds_into": { "targets": [ "QIF-D.HV" ], "note": "ALS side channel feeds 
screen activity data harvest" }, "neurorights": { "affected": [ "MP" ], "cci": 0.1 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Ambient light sensors in all smartphones", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Zhang & Lian 2024", "Spreitzer et al. 2018" ], "qif_contribution": "threat_recontextualization" }, "technique": "Ambient light sensor side-channel exfiltration (screen content inference via reflected light)", "tara_alias": "TARA-SIL-R-010", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0087", "attack": "Accelerometer keystroke inference (touchscreen tap localization for PIN/password recovery)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "No (classical vibration analysis)", "sources": [ "Owusu et al. 2012 (ACCessory: Password Inference using Accelerometers on Smartphones, ACM HotMobile)", "Cai & Chen 2011 (TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion, USENIX HotSec)", "Miluzzo et al. 
2012 (TapPrints: Your Finger Taps Have Fingerprints, ACM MobiSys)" ], "status": "CONFIRMED", "severity": "high", "ui_category": "CI", "notes": "When a user taps on a touchscreen, the phone tilts slightly depending on the tap location relative to the device's center of mass. The accelerometer and gyroscope capture these micro-tilts, and the pattern differs for each key position on the virtual keyboard. Owusu et al. (2012) demonstrated 4-digit PIN recovery from accelerometer data alone, and Miluzzo et al. (2012) showed that tap signatures are consistent enough for user identification. The attack works because: (1) different screen positions produce distinct tilt vectors, (2) typing rhythm provides temporal constraints, and (3) language models constrain character sequences. Combined with acoustic keystroke inference (T0083), the multi-modal approach achieves near-perfect accuracy. Since motion sensor access traditionally required no permission, any app could silently capture PIN entry.", "legacy_ids": [], "legacy_technique_id": "T2082", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0081", "QIF-T0083", "QIF-T0088", "T1056.001" ], "secondary_tactics": [ "QIF-D.HV", "QIF-B.IN" ] }, "tara": { "mechanism": "Accelerometer and gyroscope capture micro-tilt patterns from touchscreen taps; ML models localize tap positions to recover PINs, passwords, and typed text", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "motion_sensor_access_audit", "tap_pattern_detection", "concurrent_keyboard_sensor_access" ], "regulations": [ "CFAA", "ECPA", "GDPR Art. 
5", "Android/iOS sensor permission policy" ], "data_classification": "PII", "safety_ceiling": "Motion sensor access during keyboard input should be restricted; sensor data should not be accessible concurrent with authentication UI" }, "engineering": { "coupling": [ "mechanical" ], "parameters": { "PIN_recovery_accuracy_pct": "~70-80 (4-digit PIN)", "accelerometer_sample_rate_Hz": "100-200", "requires_training": "per-device calibration helps", "fusion_with_T0083": "near-perfect accuracy" }, "hardware": [ "MEMS_accelerometer", "MEMS_gyroscope", "ML_inference_engine" ], "detection": "Motion sensor access correlation with keyboard display, anomalous high-rate sampling during authentication, sensor permission auditing" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 1, "gap_summary": "Credential theft via motion sensors; CVSS confidentiality metrics apply well" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-B.IN" ], "note": "Tap localization feeds credential harvest and system intrusion" }, "neurorights": { "affected": [ "MP" ], "cci": 0.12 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "MEMS accelerometers in all smartphones", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { 
"category": "qif_recontextualized", "original_authors": [ "Owusu et al. 2012", "Cai & Chen 2011" ], "qif_contribution": "threat_recontextualization" }, "technique": "Accelerometer keystroke inference (touchscreen tap localization for PIN/password recovery)", "tara_alias": "TARA-SIL-R-011", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0088", "attack": "Gait biometric identification (IMU-based walking pattern fingerprint for persistent tracking)", "tactic": "QIF-S.FP", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "No (classical motion pattern analysis)", "sources": [ "Muaaz & Mayrhofer 2017 (Smartphone-based Gait Recognition: From Authentication to Imitation, IEEE Trans Mobile Computing)", "Ngo et al. 2014 (The Largest Inertial Sensor-Based Gait Database, Pattern Recognition)", "Sprager & Juric 2015 (Inertial Sensor-Based Gait Recognition: A Review, Sensors)" ], "status": "CONFIRMED", "severity": "high", "ui_category": "CI", "notes": "Every person has a unique gait signature determined by limb length ratios, joint flexibility, muscle strength distribution, and neurological motor control patterns. Smartphone IMU sensors (accelerometer + gyroscope) carried in a pocket capture this signature with high fidelity — Muaaz & Mayrhofer (2017) achieved >95% identification accuracy across 175 subjects. The gait signature is: (1) difficult to spoof (requires altering unconscious motor patterns), (2) captured passively (phone in pocket during normal walking), (3) persistent across sessions and devices, and (4) capturable without any explicit permission. Gait biometrics enable persistent user tracking even when other identifiers (cookies, device IDs, face) are unavailable. 
Combined with T0089 (neurological profiling), gait data also reveals health conditions affecting motor control.", "legacy_ids": [], "legacy_technique_id": "T2083", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0079", "QIF-T0089", "QIF-T0091", "QIF-T0093", "T1040" ], "secondary_tactics": [ "QIF-D.HV", "QIF-N.SC" ] }, "tara": { "mechanism": "Smartphone IMU sensors capture unique walking patterns determined by biomechanics and neurological motor control; ML models fingerprint individuals for persistent tracking", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Gait analysis for rehabilitation and neurological monitoring", "conditions": [ "Parkinson's disease gait monitoring", "fall risk assessment in elderly", "post-stroke rehabilitation tracking", "orthopedic recovery monitoring" ], "fda_status": "cleared", "evidence_level": "cohort", "safe_parameters": "Passive IMU recording during normal ambulation; no active stimulation; data processed locally", "sources": [ "Sprager & Juric 2015 (Sensors, gait recognition review)", "Ngo et al. 2014 (Pattern Recognition, gait database)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "IMU_continuous_access_audit", "gait_template_storage_audit", "biometric_data_handling" ], "regulations": [ "GDPR Art. 
9 (biometric data)", "Illinois BIPA", "CCPA (biometric identifiers)", "EU AI Act (biometric identification)" ], "data_classification": "PII", "safety_ceiling": "Gait biometric extraction requires explicit consent; templates treated as irrevocable biometric; data minimization mandatory" }, "engineering": { "coupling": [ "mechanical" ], "parameters": { "identification_accuracy_pct": ">95", "IMU_sample_rate_Hz": "50-100", "template_stability_days": ">30", "walking_sample_required_steps": "~20-50" }, "hardware": [ "MEMS_accelerometer", "MEMS_gyroscope", "ML_inference_engine" ], "detection": "Continuous IMU access monitoring, gait template computation detection, biometric data transmission monitoring" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Persistent biometric tracking via gait; irrevocable biometric dimension not fully expressed in CVSS" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC" ], "note": "Gait fingerprinting feeds persistent identity tracking and reconnaissance" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "IMU sensors in all smartphones and wearables", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, 
"origin": { "category": "qif_recontextualized", "original_authors": [ "Muaaz & Mayrhofer 2017", "Ngo et al. 2014" ], "qif_contribution": "threat_recontextualization" }, "technique": "Gait biometric identification (IMU-based walking pattern fingerprint for persistent tracking)", "tara_alias": "TARA-MOT-R-001", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0089", "attack": "Tremor and movement neurological profiling (IMU-based motor disorder detection and health inference)", "tactic": "QIF-S.HV", "bands": "S1→S2→N1→N7", "band_ids": [ "S1", "S2", "N1", "N7" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (QI coherence metric detects neurological anomalies if deployed)", "sources": [ "Arora et al. 2015 (Detecting and monitoring the symptoms of Parkinson's disease using smartphones, J Med Internet Res)", "Bot et al. 2016 (mPower: a smartphone study of Parkinson disease, Scientific Data)", "Giancardo et al. 2016 (Computer keyboard interaction as an indicator of early Parkinson's disease, Scientific Reports)", "Adams et al. 2017 (Tremor detection from smartphone accelerometer data, IEEE EMBC)" ], "status": "DEMONSTRATED", "severity": "critical", "ui_category": "SE", "notes": "Smartphone IMU sensors can detect pathological tremor patterns characteristic of neurological conditions: Parkinson's resting tremor (4-6 Hz), essential tremor (8-12 Hz), cerebellar tremor (3-5 Hz), and physiological tremor changes from medication, fatigue, or substance use. The mPower study (Bot et al. 2016) enrolled 16,000 participants and demonstrated that smartphone sensor data alone can distinguish Parkinson's patients from healthy controls with >90% accuracy. 
Beyond tremor, fine motor control degradation (touchscreen interaction patterns, typing dynamics) reveals cognitive decline, medication effects, intoxication levels, and fatigue. This is covert neurological diagnosis without the subject's knowledge or consent — the phone becomes a continuous neurological monitor. The data reveals protected health information about neurological conditions, substance use, and cognitive function from sensors that require no permission.", "legacy_ids": [], "legacy_technique_id": "T2084", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0074", "QIF-T0088", "QIF-T0085", "T1005" ], "secondary_tactics": [ "QIF-D.HV", "QIF-N.SC", "QIF-C.EX" ] }, "tara": { "mechanism": "Smartphone IMU sensors detect pathological tremor frequencies and fine motor control degradation to infer neurological conditions, medication effects, and cognitive state", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Remote Parkinson's monitoring and neurological screening", "conditions": [ "Parkinson's disease symptom tracking (mPower study)", "essential tremor monitoring", "multiple sclerosis motor assessment", "medication effect monitoring (levodopa response tracking)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Passive IMU recording; no active stimulation; data processed per HIPAA; informed consent for neurological inference", "sources": [ "Bot et al. 2016 (Scientific Data, mPower study)", "Arora et al. 2015 (J Med Internet Res, smartphone Parkinson's detection)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "IMU_continuous_access_audit", "tremor_analysis_detection", "health_inference_pipeline_audit" ], "regulations": [ "HIPAA", "GDPR Art. 
9 (health data)", "ADA (disability disclosure)", "GINA (genetic information)", "EU AI Act (high-risk health AI)" ], "data_classification": "PHI", "safety_ceiling": "Neurological inference from consumer sensors requires explicit informed consent; health condition predictions must be validated clinically; no discriminatory use" }, "engineering": { "coupling": [ "mechanical" ], "parameters": { "tremor_frequency_bands_Hz": "3-12", "PD_detection_accuracy_pct": ">90", "IMU_sample_rate_Hz": "50-200", "minimum_recording_duration_s": "10-30" }, "hardware": [ "MEMS_accelerometer", "MEMS_gyroscope", "ML_inference_engine" ], "detection": "Tremor analysis algorithm detection, continuous IMU sampling monitoring, health inference model output auditing" }, "dsm5": { "primary": [ { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N7 (PFC/M1) → executive 
function; N1 (spinal cord) → reflexes", "niss_correlation": "CV:I → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:Y/R:A/V:D", "gap_group": 3, "gap_summary": "Covert neurological diagnosis from consumer sensors — health condition revelation and cognitive state inference not expressible in CVSS" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC", "QIF-C.EX" ], "note": "Neurological profiling feeds health data harvest and cognitive exploitation" }, "neurorights": { "affected": [ "MP", "MI", "DI" ], "cci": 1.35 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "IMU sensors in all smartphones and wearables", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Arora et al. 2015", "Bot et al. 
2016" ], "qif_contribution": "threat_recontextualization" }, "technique": "Tremor and movement neurological profiling (IMU-based motor disorder detection and health inference)", "tara_alias": "TARA-MOT-R-002", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0090", "attack": "WiFi CSI passive body sensing (through-wall vital signs, 3D pose reconstruction, respiratory and gait biometric inference via dedicated or commodity WiFi hardware)", "tactic": "QIF-S.HV", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "RF", "access": null, "classical": "Yes", "quantum": "No (classical RF propagation analysis)", "sources": [ "Liu et al. 2019 (Wireless Sensing for Human Activity: A Survey, IEEE Communications Surveys)", "Liu et al. 2015 (WiFi respiration monitoring)", "Zeng et al. 2020 (FarSense: pushing the range limit of WiFi-based respiration sensing, ACM MobiSys)", "Wang et al. 2017 (TensorBeat: Tensor Decomposition for Monitoring Multiperson Breathing Beats with Commodity WiFi, ACM Trans Intelligent Systems and Technology)", "Wang et al. 2016 (WiFi-based gait recognition)", "Jiang et al. 2020 (Towards 3D Human Pose Construction Using WiFi, ACM MobiCom)", "Ali et al. 2015 (WiKey: keystroke recognition from WiFi CSI, MobiCom)", "Ma et al. 2019 (WiFi sensing with CSI: a survey, ACM Computing Surveys)" ], "status": "DEMONSTRATED", "severity": "critical", "ui_category": "SE", "notes": "WiFi Channel State Information (CSI) captures the multipath propagation characteristics between WiFi transmitter and receiver. Human body movements — including breathing (chest wall motion ~5mm), heartbeat (body surface vibration ~0.1mm), and walking — modulate the WiFi signal propagation paths. 
Two attack profiles: (1) DEDICATED HARDWARE — modified firmware on CSI-capable APs enables through-wall sensing (2-3 standard walls), 3D pose reconstruction, and multi-person vital sign extraction at up to 8m range. (2) CONSUMER-GRADE — standard WiFi chipsets (Intel 5300, Atheros, ESP32) with CSI-enabled drivers extract respiratory rate (±1 bpm at 3m) and gait identity (93% single-person, 78% multi-person) without dedicated hardware. Respiratory modulation: phase shift Δφ = 4π×Δd/λ ≈ 0.4-1.2 radians at 5 GHz (chest displacement 4-12mm). Gait produces Doppler shifts f_d = 2v×cos(θ)/λ ≈ 40 Hz at walking speed. CSI matrix: H(f,t) ∈ C^(N_tx × N_rx × N_sub). CRITICAL REGULATORY GAP: Respiratory rate = PHI under HIPAA (45 CFR 160.103) when linked to an individual. Gait biometric = special category data under GDPR Art. 9. No consent mechanism exists for incidental WiFi CSI health data collection — a router collecting CSI for 'network optimization' simultaneously collects respiratory data from everyone in range. This is passive radar using existing infrastructure.", "legacy_ids": [], "legacy_technique_id": "T2085", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0075", "QIF-T0080", "QIF-T0081", "QIF-T0084", "QIF-T0088", "QIF-T0093", "QIF-T0098", "QIF-T0101", "T1040", "T1557" ], "secondary_tactics": [ "QIF-D.HV", "QIF-N.SC", "QIF-S.RP", "QIF-S.FP" ] }, "tara": { "mechanism": "WiFi OFDM subcarrier amplitude and phase modulation by human body movement, respiration, and gait; works through walls without any device on the target; both dedicated CSI hardware and commodity WiFi chipsets enable contactless physiological surveillance", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Contactless vital sign monitoring for sleep studies, elder care, and post-surgical recovery", "conditions": [ "contactless sleep apnea detection (Liu et al. 
2015, demonstrated ±1 bpm)", "elderly fall detection and activity monitoring (no wearable required)", "post-surgical respiration monitoring without chest bands (burn patients)", "PTSD and anxiety monitoring via nocturnal breathing pattern analysis", "COPD exacerbation early warning via respiratory pattern changes", "Parkinson's gait analysis for medication timing optimization", "smart home health sensing" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Standard WiFi power levels (100 mW EIRP, < FCC Part 15 limits); passive sensing only (no additional RF emission); informed consent for monitoring", "sources": [ "Liu et al. 2019 (IEEE, WiFi sensing survey)", "Liu et al. 2015 (WiFi respiration, demonstrated ±1 bpm)", "Zeng et al. 2020 (ACM MobiSys, FarSense)", "Wang et al. 2017 (WiFi fall detection)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "CSI_extraction_detection", "router_firmware_integrity", "unusual_WiFi_traffic_patterns", "respiratory_data_access_log", "multi_person_anonymization_check" ], "regulations": [ "HIPAA (respiratory rate = PHI when linked to individual)", "GDPR Art. 
9 (health data, behavioral biometrics)", "ECPA (electronic surveillance)", "Fourth Amendment (US, through-wall surveillance)", "FCC Part 15 (WiFi emissions)", "EU AI Act", "proposed neurorights legislation (cognitive state inference)" ], "data_classification": "PHI", "safety_ceiling": "Through-wall sensing requires explicit consent from all monitored persons; router firmware integrity mandatory; CSI extraction should be detectable; informed consent for health data derivation; data retention limits; anonymization for incidental collection; no CSI health data without explicit opt-in" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "WiFi_standard": "802.11n/ac/ax", "wifi_frequency_GHz": "2.4 or 5", "CSI_subcarriers": "30-256 (52 for 802.11n, 256 for 802.11ac)", "CSI_sampling_rate_Hz": "100-1000", "breathing_detection_range_m": "1-8", "through_wall_capability": "2-3 standard walls (dedicated hardware)", "heart_rate_accuracy_bpm": "±3-5 (dedicated), ±1 at 3m (consumer-grade respiration)", "gait_id_accuracy_percent": "93 (single-person), 78 (multi-person)", "respiratory_phase_shift_rad": "0.4-1.2 (at 5 GHz)", "gait_doppler_Hz": "~40 (at 5 GHz, walking)" }, "hardware": [ "WiFi_AP_with_CSI_support (dedicated)", "Intel_5300_NIC_or_ESP32_or_Nexmon (consumer-grade)", "modified_firmware", "signal_processing_backend" ], "detection": "CSI extraction monitoring on WiFi chipset, unusual AP firmware, anomalous WiFi traffic volume or patterns, respiratory-band filtering (0.1-0.5 Hz) in WiFi processing pipeline, RF sensing countermeasures" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — respiratory/gait data does not traverse neural pathway. Chains to N-domain if respiratory patterns used for cognitive state inference (stress detection).", "niss_correlation": "Silicon-only technique — no diagnostic mapping. 
CV:I reflects through-wall surveillance and health data collection without consent." } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Through-wall passive surveillance via WiFi; health privacy (HIPAA PHI), behavioral biometric (GDPR Art. 9), and regulatory consent gap dimensions not expressible in CVSS. Consumer-grade variant (PR:N/AT:N) has lower barrier to entry." }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC", "QIF-S.HV", "QIF-S.RP", "QIF-S.FP" ], "note": "WiFi CSI sensing feeds physiological data harvest, presence detection, behavioral profiling, and identity fingerprinting; chains to cognitive state inference via breathing pattern analysis" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.6 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "WiFi CSI supported by Intel 5300, ESP32, Nexmon", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Liu et al. 2019", "Wang et al. 
2017" ], "qif_contribution": "threat_recontextualization" }, "technique": "WiFi CSI passive body sensing (through-wall vital signs, 3D pose reconstruction, respiratory and gait biometric inference via dedicated or commodity WiFi hardware)", "tara_alias": "TARA-AUT-R-005", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0091", "attack": "BLE physical-layer device fingerprinting (radio frequency imperfection tracking)", "tactic": "QIF-S.FP", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "RF", "access": null, "classical": "Yes", "quantum": "No (classical RF fingerprinting)", "sources": [ "Becker et al. 2022 (Tracking Anonymized Bluetooth Devices, PoPETS)", "Das et al. 2018 (Tracking Mobile Web Users Through Motion Sensors, NDSS)", "Ramsey et al. 2020 (BLE Device Tracking via Physical Layer Fingerprinting, IEEE CNS)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "CI", "notes": "Every Bluetooth Low Energy (BLE) transmitter has unique analog imperfections in its radio hardware: carrier frequency offset (CFO), I/Q imbalance, power amplifier nonlinearity, and phase noise characteristics. These imperfections are manufacturing artifacts that are stable, unique per device, and impossible to change via software — they are the RF equivalent of a fingerprint. Becker et al. (2022) demonstrated that BLE physical-layer fingerprinting can track devices even when using MAC address randomization (the privacy feature specifically designed to prevent tracking). This defeats Apple's and Google's BLE privacy protections. Attack scenario: passive BLE receivers at strategic locations (malls, airports, streets) fingerprint passing devices. 
The user's phone continuously advertises BLE (for AirDrop, Find My, COVID exposure notifications), and each advertisement carries the device's unchangeable RF fingerprint. This enables persistent location tracking despite all software-level privacy measures.", "legacy_ids": [], "legacy_technique_id": "T2086", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0079", "QIF-T0088", "QIF-T0082", "T1040", "T1120" ], "secondary_tactics": [ "QIF-D.HV", "QIF-N.SC" ] }, "tara": { "mechanism": "Passive BLE receiver extracts unique physical-layer radio imperfections (CFO, I/Q imbalance) from BLE advertisements to track devices despite MAC address randomization", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "enhanced", "monitoring": [ "BLE_fingerprinting_detection", "RF_scanning_infrastructure_audit", "location_data_collection_audit" ], "regulations": [ "GDPR Art. 
5 (purpose limitation)", "ePrivacy Directive", "CCPA", "ECPA" ], "data_classification": "PII", "safety_ceiling": "Physical-layer fingerprinting defeats software privacy measures; regulatory frameworks need updating for hardware-level tracking; BLE chipset randomization of analog characteristics needed" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "CFO_resolution_Hz": "<100", "identification_accuracy_pct": ">90", "tracking_persistence": "permanent (hardware-determined)", "BLE_advertisement_interval_ms": "20-10240" }, "hardware": [ "SDR_receiver_or_modified_BLE_chipset", "signal_processing_backend" ], "detection": "Detection of passive BLE scanning infrastructure, RF environment monitoring, anomalous BLE receiver deployments" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Persistent device tracking defeating privacy controls; irrevocable hardware fingerprint dimension not fully expressed in CVSS" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC" ], "note": "BLE fingerprinting feeds persistent location tracking and device identification" }, "neurorights": { "affected": [ "MP" ], "cci": 0.24 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", 
"gate_reason": "SDR receivers commercially available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Becker et al. 2022", "Das et al. 2018" ], "qif_contribution": "threat_recontextualization" }, "technique": "BLE physical-layer device fingerprinting (radio frequency imperfection tracking)", "tara_alias": "TARA-SIL-R-012", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0092", "attack": "Thermal facial stress and emotion inference (IR thermography for autonomic nervous system state extraction)", "tactic": "QIF-S.HV", "bands": "S1→S2→N7", "band_ids": [ "S1", "S2", "N7" ], "coupling": "OPTICAL", "access": null, "classical": "Yes", "quantum": "No (classical thermal imaging)", "sources": [ "Engert et al. 2014 (Exploring the Use of Thermal Imaging to Assess Stress, PLOS ONE)", "Abdelrahman et al. 2017 (Cognitive Heat: Exploring the Usage of Thermal Imaging to Unobtrusively Estimate Cognitive Load, ACM IMWUT)", "Pavlidis et al. 2002 (Thermal Image Analysis for Polygraph Testing, IEEE Engineering in Medicine and Biology)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "SE", "notes": "The autonomic nervous system modulates facial skin temperature through vasoconstriction/vasodilation in response to stress, cognitive load, deception, arousal, and emotional states. Periorbital temperature (around the eyes) drops during stress as blood redirects to core muscles. Nasal tip temperature correlates with cognitive load. Forehead temperature maps to anxiety. Thermal cameras (LWIR, 8-14 µm) capture these patterns contactlessly. 
While consumer thermal cameras are not yet standard in phones, they are available as accessories (FLIR One, Seek Thermal), integrated into some laptops (for presence detection), and standard in many security/surveillance systems. Pavlidis et al. (2002) demonstrated thermal imaging as a polygraph alternative. As thermal sensors become cheaper and more integrated into consumer devices, this becomes a passive emotion/stress surveillance channel.", "legacy_ids": [], "legacy_technique_id": "T2087", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:E/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0077", "QIF-T0084", "QIF-T0085", "T1040" ], "secondary_tactics": [ "QIF-D.HV", "QIF-C.EX" ] }, "tara": { "mechanism": "Thermal IR camera captures facial temperature distribution modulated by autonomic nervous system; ML models infer stress, cognitive load, emotion, and deception from thermal patterns", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Thermal imaging for pain assessment and autonomic function testing", "conditions": [ "pain assessment (objective thermal correlates)", "anxiety disorder monitoring (periorbital temperature)", "PTSD arousal detection", "neuropathy assessment (thermal regulation dysfunction)" ], "fda_status": "cleared", "evidence_level": "cohort", "safe_parameters": "Passive thermal imaging (no radiation emitted); LWIR 8-14 µm detection only; standard room temperature conditions", "sources": [ "Engert et al. 2014 (PLOS ONE, thermal stress imaging)", "Pavlidis et al. 2002 (IEEE EMB, thermal polygraph)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "thermal_camera_access_audit", "emotion_inference_pipeline_audit", "data_retention_limits" ], "regulations": [ "GDPR Art. 
9 (health data)", "EU AI Act (emotion recognition systems)", "HIPAA", "Illinois BIPA" ], "data_classification": "PHI", "safety_ceiling": "Emotion inference from thermal imaging requires explicit consent; EU AI Act may ban emotion recognition in certain contexts; data minimization mandatory" }, "engineering": { "coupling": [ "optical" ], "parameters": { "wavelength_um": "8-14 (LWIR)", "temperature_resolution_K": "0.05-0.1", "frame_rate_Hz": "9-60", "spatial_resolution_pixels": "160x120 to 640x480", "working_distance_m": "0.5-5" }, "hardware": [ "LWIR_thermal_camera", "ML_inference_engine" ], "detection": "Thermal camera access auditing, emotion inference model detection, unexpected IR sensor activation" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "CV:E → cognitive/psychotic cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 3, "gap_summary": "Emotional state inference from thermal 
imaging — psychological privacy dimension not expressible in CVSS" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-C.EX" ], "note": "Thermal emotion inference feeds psychological data harvest and cognitive exploitation" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "LWIR thermal cameras commercially available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Engert et al. 2014", "Abdelrahman et al. 2017" ], "qif_contribution": "threat_recontextualization" }, "technique": "Thermal facial stress and emotion inference (IR thermography for autonomic nervous system state extraction)", "tara_alias": "TARA-EMO-R-001", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0093", "attack": "PPG pulse waveform biometric identification (cardiac signature fingerprinting via wearable optical sensor)", "tactic": "QIF-S.FP", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "OPTICAL", "access": null, "classical": "Yes", "quantum": "No (classical photoplethysmography)", "sources": [ "Biswas et al. 2019 (CorNET: Deep Learning Framework for PPG-Based Heart Rate Estimation and Biometric Identification, IEEE Trans Biomed Eng)", "Yadav et al. 
2018 (Evaluation of PPG biometrics for authentication, IEEE ICB)", "Kavsaoglu et al. 2023 (PPG-based biometric identification: A comprehensive review, Expert Systems with Applications)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "CI", "notes": "Photoplethysmography (PPG) sensors in smartwatches and fitness trackers measure blood volume changes through green LED light reflected from the wrist. The PPG waveform shape is unique per individual — determined by cardiac output, arterial stiffness, vessel geometry, and autonomic tone. Biswas et al. (2019) demonstrated >98% identification accuracy using deep learning on PPG waveforms. Unlike heart rate (a single number), the full PPG waveform is a rich biometric containing: pulse amplitude, dicrotic notch depth, systolic/diastolic ratio, pulse transit time, and waveform morphology. This biometric is continuously captured by any wearable with a heart rate sensor (Apple Watch, Fitbit, Galaxy Watch, Oura Ring). The user consents to heart rate monitoring, not to biometric identification from their cardiac waveform. 
Combined with QIF-T0088 (gait) and QIF-T0079 (ear canal), the attacker has three independent biometric channels from consumer devices.", "legacy_ids": [], "legacy_technique_id": "T2088", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0077", "QIF-T0079", "QIF-T0084", "QIF-T0088", "T1040" ], "secondary_tactics": [ "QIF-D.HV", "QIF-N.SC" ] }, "tara": { "mechanism": "Wearable PPG sensor captures unique cardiac pulse waveform morphology determined by cardiovascular physiology; deep learning extracts biometric identity from waveform features", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "PPG-based cardiovascular health monitoring", "conditions": [ "atrial fibrillation detection (Apple Watch FDA clearance)", "blood pressure estimation (pulse wave analysis)", "sleep apnea screening (SpO2 + pulse waveform)", "vascular stiffness assessment" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Green LED at standard wearable power levels; Class 1 device; continuous wear monitoring", "sources": [ "Biswas et al. 2019 (IEEE Trans Biomed Eng, PPG biometrics)", "Apple 2020 (Apple Watch AFib detection, FDA De Novo clearance)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "PPG_raw_data_access_audit", "biometric_template_storage", "waveform_export_monitoring" ], "regulations": [ "GDPR Art. 
9 (biometric data)", "Illinois BIPA", "CCPA (biometric identifiers)", "HIPAA (cardiovascular health data)" ], "data_classification": "PII", "safety_ceiling": "PPG biometric identification requires explicit consent beyond health monitoring; cardiac waveform templates treated as irrevocable biometric; data minimization mandatory" }, "engineering": { "coupling": [ "optical" ], "parameters": { "LED_wavelength_nm": "530 (green)", "sampling_rate_Hz": "25-250", "identification_accuracy_pct": ">98", "template_stability": "high (cardiovascular structure is stable)" }, "hardware": [ "green_LED", "photodetector", "wearable_housing", "ML_inference_engine" ], "detection": "PPG raw data access auditing, biometric template computation detection, unusual waveform data export" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Cardiac biometric extraction from wearable; irrevocable biometric dimension not fully expressed in CVSS" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC" ], "note": "PPG biometric fingerprinting feeds persistent cardiac identity tracking" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "PPG sensors in all smartwatches", "constraint_system_ref": "QIF Derivation 
Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Biswas et al. 2019", "Yadav et al. 2018" ], "qif_contribution": "threat_recontextualization" }, "technique": "PPG pulse waveform biometric identification (cardiac signature fingerprinting via wearable optical sensor)", "tara_alias": "TARA-AUT-R-006", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0094", "attack": "Magnetometer speaker-leakage eavesdropping (magnetic field emanation capture from speaker voice coils)", "tactic": "QIF-S.RP", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "ELECTROMAGNETIC", "access": null, "classical": "Yes", "quantum": "No (classical electromagnetic emanation)", "sources": [ "Matyunin et al. 2019 (MagneticSpy: Exploiting Magnetometer in Mobile Devices for Website and Application Fingerprinting, ACM WiSec)", "Guri et al. 2020 (MAGNETO: Covert Channel between Air-Gapped Systems and Nearby Smartphones via CPU-Generated Magnetic Fields)", "Zhang et al. 2020 (MagAttack: Eavesdropping on Headphone Magnetic Leakage)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "SE", "notes": "Speaker voice coils are electromagnets — when driven by audio current, they produce proportional magnetic field emanations. Smartphone magnetometers (used for compass/navigation) are sensitive enough to detect these emanations from nearby speakers, earbuds, or headphones. Zhang et al. (2020) demonstrated that a smartphone's magnetometer placed within 10-20 cm of earbuds can reconstruct the audio being played, including speech. This creates an eavesdropping channel through magnetic emanations rather than acoustic leakage — it works even when the audio is not audible (noise-canceling headphones, low volume). 
Matyunin et al. (2019) showed that magnetometer data can also fingerprint websites and applications by their characteristic audio/vibration patterns. Magnetometer access requires no permission on most platforms, making this an unrestricted side channel.", "legacy_ids": [], "legacy_technique_id": "T2089", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0072", "QIF-T0080", "QIF-T0081", "T1040", "T1123" ], "secondary_tactics": [ "QIF-D.HV" ] }, "tara": { "mechanism": "Smartphone magnetometer captures electromagnetic emanations from nearby speaker voice coils to reconstruct audio content without acoustic coupling", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "magnetometer_access_audit", "EM_emanation_monitoring", "proximity_detection" ], "regulations": [ "ECPA (18 U.S.C. § 2511)", "GDPR Art. 5", "FCC Part 15 (incidental emissions)" ], "data_classification": "PII", "safety_ceiling": "Magnetometer access should require permission when used at high sampling rates; speaker shielding reduces magnetic emanations; distance increases attenuation rapidly" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "magnetometer_sensitivity_uT": "0.01-0.1", "effective_range_cm": "10-20", "audio_reconstruction_quality": "intelligible speech at close range", "requires_permission": "No (most platforms)" }, "hardware": [ "MEMS_magnetometer", "signal_processing_backend" ], "detection": "Magnetometer access frequency monitoring, correlation with nearby speaker activity, EM shielding of speaker voice coils" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": 
"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:N/R:A/V:D", "gap_group": 1, "gap_summary": "Eavesdropping via magnetic emanation; CVSS confidentiality metrics apply adequately" }, "feeds_into": { "targets": [ "QIF-D.HV" ], "note": "Magnetometer eavesdropping feeds ambient audio data harvest" }, "neurorights": { "affected": [ "MP" ], "cci": 0.12 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Software-only attack without software lifecycle standard (IEC 62304)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "MEMS magnetometers in smartphones", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Matyunin et al. 2019", "Guri et al. 
2020" ], "qif_contribution": "threat_recontextualization" }, "technique": "Magnetometer speaker-leakage eavesdropping (magnetic field emanation capture from speaker voice coils)", "tara_alias": "TARA-SIL-R-013", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0095", "attack": "Acoustic-to-neural profiling pipeline (consumer earbud escalation from audio to cognitive exploitation)", "tactic": "QIF-S.CH", "bands": "S1→S2→S3→I0→N1→N7", "band_ids": [ "S1", "S2", "S3", "I0", "N1", "N7" ], "coupling": "ACOUSTIC", "access": null, "classical": "Partial", "quantum": "Enhanced (QI coherence metric detects unauthorized neural data acquisition)", "sources": [ "Chain synthesis from: QIF-T0072 → QIF-T0073 → QIF-T0074 → QIF-T0079", "Kaveh et al. 2020 (In-ear EEG, IEEE Trans Biomed Eng)", "Martinovic et al. 2012 (BCI side channels, USENIX Security)", "NEC Corporation 2016 (Ear acoustic authentication)" ], "status": "EMERGING", "severity": "critical", "ui_category": "EX", "notes": "This technique documents the complete escalation chain from a single compromised consumer earbud to cognitive profiling. The chain proceeds: (1) T0072 — Speaker-to-mic reprogramming gives ambient audio eavesdropping, (2) T0079 — Ear canal acoustic fingerprinting silently identifies the wearer, (3) T0073 — Modified earbud with conductive ear tip captures in-ear EEG, (4) T0074 — Longitudinal EEG data feeds ML model for cognitive profiling. The end state: a single pair of compromised earbuds provides identity + ambient audio + continuous neural telemetry + personalized cognitive vulnerability profile — all from a device the target voluntarily wears for hours daily. Each step in the chain has been independently demonstrated or is emerging. 
The complete chain represents a consumer-device pathway to cognitive exploitation without any traditional BCI hardware. This is the canonical example of why the S-domain exists: consumer sensors as a pre-BCI attack surface.", "legacy_ids": [], "legacy_technique_id": "T2090", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:I/RV:F/NP:T", "score": 4.0, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0072", "QIF-T0073", "QIF-T0074", "QIF-T0079" ], "secondary_tactics": [ "QIF-S.RP", "QIF-S.FP", "QIF-S.HV", "QIF-C.EX", "QIF-D.HV" ] }, "tara": { "mechanism": "Multi-stage escalation chain: speaker repurposing → ear canal fingerprinting → in-ear EEG capture → ML-based cognitive profiling, all from a single compromised consumer earbud", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Integrated hearing health + cognitive monitoring earbuds", "conditions": [ "hearing aid with cognitive load monitoring", "seizure detection + audio therapy delivery", "neurofeedback training via earbuds" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Each chain stage within individual safety bounds; cumulative data collection requires enhanced consent", "sources": [ "Kaveh et al. 
2020 (IEEE Trans Biomed Eng)", "NEC 2016 (ear acoustic authentication)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "multi_stage_chain_detection", "cumulative_data_correlation_audit", "neural_data_access_monitoring" ], "regulations": [ "All regulations from T0072-T0074 apply cumulatively", "proposed neurorights legislation", "EU AI Act (high-risk biometric + cognitive)" ], "data_classification": "sensitive_neural", "safety_ceiling": "Full chain represents cognitive sovereignty violation; each escalation stage should trigger independent consent; supply chain integrity for earbuds critical" }, "engineering": { "coupling": [ "acoustic", "electromagnetic", "galvanic", "computational" ], "parameters": { "chain_stages": 4, "escalation_time": "minutes (hardware) to weeks (cognitive model training)", "data_types": "audio + identity + EEG + cognitive profile", "single_device": true }, "hardware": [ "modified_consumer_earbud", "conductive_ear_tip", "biopotential_amplifier", "BLE_transceiver", "cloud_ML_backend" ], "detection": "Multi-stage chain detection requires monitoring acoustic, biometric, neural, and cognitive data pipelines simultaneously; supply chain attestation most effective" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "probable" }, { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", 
"confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N7 (PFC/M1) → executive function; I0 (electrode-tissue boundary) → measurement", "niss_correlation": "CR:H,CD:H,CV:I → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "supplemental": "S:P/AU:Y/R:A/V:C", "gap_group": 3, "gap_summary": "Multi-stage escalation from consumer sensor to cognitive profiling — cumulative privacy and cognitive liberty violation far exceeds any single CVSS metric" }, "feeds_into": { "targets": [ "QIF-C.EX", "QIF-M.SV", "QIF-D.HV" ], "note": "Complete earbud escalation chain feeds cognitive exploitation, model subversion, and comprehensive data harvest" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer earbud pipeline components all available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_chain_synthesis", "original_authors": null, "qif_contribution": "chain_synthesis" }, "technique": "Acoustic-to-neural 
profiling pipeline (consumer earbud escalation from audio to cognitive exploitation)", "tara_alias": "TARA-COG-R-011", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0096", "attack": "Multi-modal biometric fusion attack (cross-sensor identity correlation for persistent tracking)", "tactic": "QIF-S.CH", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "No (classical pattern fusion)", "sources": [ "Chain synthesis from: QIF-T0079 (ear canal) + QIF-T0088 (gait) + QIF-T0091 (BLE) + QIF-T0093 (PPG)", "Ross et al. 2006 (Handbook of Multibiometrics, Springer)", "Hadid et al. 2015 (Biometrics Systems Under Spoofing Attack: An Evaluation Methodology and Lessons Learned, IEEE Signal Processing Magazine)" ], "status": "EMERGING", "severity": "critical", "ui_category": "CI", "notes": "By fusing biometric signatures from multiple consumer sensors — ear canal acoustics (QIF-T0079), gait pattern (QIF-T0088), BLE RF fingerprint (QIF-T0091), PPG waveform (QIF-T0093), and eye tracking (QIF-T0085 if VR/AR) — an attacker creates a multi-modal biometric profile that is virtually impossible to evade. Each individual biometric can potentially be disrupted (change earbuds, alter gait, disable Bluetooth), but the fusion of 3+ biometric channels provides robust identification even if individual channels are degraded. The fusion operates at the feature level (concatenated feature vectors) or decision level (majority voting across classifiers). This technique weaponizes the ubiquity of consumer sensors: the average person carries 10+ sensors across phone, watch, and earbuds. 
The combination creates a biometric surveillance net that no single privacy measure can defeat.", "legacy_ids": [], "legacy_technique_id": "T2091", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0079", "QIF-T0085", "QIF-T0088", "QIF-T0091", "QIF-T0093" ], "secondary_tactics": [ "QIF-S.FP", "QIF-D.HV", "QIF-N.SC" ] }, "tara": { "mechanism": "Fusion of biometric signatures from multiple consumer sensors (acoustic, IMU, RF, optical) to create robust multi-modal identity profile resistant to individual channel disruption", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Multi-modal patient identification for medication safety", "conditions": [ "patient identification in hospitals (multi-factor biometric)", "elderly person identification in care facilities", "clinical trial participant verification" ], "fda_status": "none", "evidence_level": "preclinical", "safe_parameters": "Each sensor within individual safety bounds; fusion layer is computational only", "sources": [ "Ross et al. 2006 (Handbook of Multibiometrics)", "Hadid et al. 2015 (IEEE SPM, biometric spoofing)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cross_sensor_correlation_detection", "multi_modal_fusion_audit", "biometric_data_aggregation_monitoring" ], "regulations": [ "GDPR Art. 
9 (biometric data)", "Illinois BIPA", "EU AI Act (biometric identification)", "CCPA" ], "data_classification": "PII", "safety_ceiling": "Multi-modal biometric fusion creates near-irrevocable identity profile; exceeds single-biometric consent requirements; aggregate biometric data requires enhanced protection" }, "engineering": { "coupling": [ "computational" ], "parameters": { "modalities": "3-5 (acoustic, IMU, RF, optical, cardiac)", "fusion_strategy": "feature-level or decision-level", "identification_accuracy_pct": ">99 (3+ modalities)", "robustness_to_channel_loss": "maintains ID with any 2 of 4 channels" }, "hardware": [ "multi_sensor_consumer_devices", "ML_fusion_engine" ], "detection": "Cross-sensor data correlation monitoring, multi-modal biometric computation detection, aggregation audit logging" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:U/V:D", "gap_group": 2, "gap_summary": "Multi-modal biometric fusion creating near-irrevocable identity profile; aggregate biometric dimension exceeds individual CVSS confidentiality" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC" ], "note": "Multi-modal biometric fusion feeds persistent identity tracking at near-perfect accuracy" }, "neurorights": { "affected": [ "MP", "DI", "IDA" ], "cci": 1.35 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", 
"timeline": "now", "gate_reason": "Multi-sensor consumer devices widely deployed", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_chain_synthesis", "original_authors": null, "qif_contribution": "chain_synthesis" }, "technique": "Multi-modal biometric fusion attack (cross-sensor identity correlation for persistent tracking)", "tara_alias": "TARA-IDN-R-004", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0097", "attack": "Cross-device physiological correlation (phone + watch + earbuds comprehensive health profiling)", "tactic": "QIF-S.CH", "bands": "S1→S2→S3→N7", "band_ids": [ "S1", "S2", "S3", "N7" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (QI coherence metric detects unauthorized health profiling if deployed)", "sources": [ "Chain synthesis from: T0075 (ultrasonic) + T0084 (rPPG) + T0089 (tremor) + T0090 (WiFi CSI) + T0093 (PPG)", "Majumder et al. 2017 (Wearable Sensors for Remote Health Monitoring, Sensors)", "Dunn et al. 2021 (Wearables and the medical revolution, Personalized Medicine)" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "SE", "notes": "The average consumer now carries 3+ sensor-equipped devices: smartphone (accelerometer, gyroscope, magnetometer, barometer, camera, microphone, ambient light, proximity, WiFi, BLE), smartwatch (PPG, accelerometer, gyroscope, SpO2, skin temperature, ECG), and earbuds (microphone, accelerometer, proximity, potentially EEG). 
By correlating physiological data across all devices simultaneously, an attacker builds a comprehensive health profile far exceeding what any single device captures: cardiac health (watch PPG + phone rPPG), respiratory health (phone ultrasonic + WiFi CSI), neurological health (earbud IMU tremor + phone motor patterns), mental health (watch HRV + earbud audio context + phone screen activity), and metabolic health (activity + sleep + heart rate patterns). The correlation also eliminates single-sensor noise and improves accuracy. This technique doesn't require hardware modification — only software-level data aggregation across apps on a shared platform (e.g., iOS HealthKit, Google Health Connect).", "legacy_ids": [], "legacy_technique_id": "T2092", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0075", "QIF-T0084", "QIF-T0089", "QIF-T0090", "QIF-T0093" ], "secondary_tactics": [ "QIF-S.HV", "QIF-D.HV" ] }, "tara": { "mechanism": "Cross-device physiological data correlation across phone + watch + earbuds to build comprehensive health profile exceeding single-device capability", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Multi-device remote patient monitoring for chronic disease management", "conditions": [ "heart failure decompensation prediction (multi-sensor)", "diabetes management (activity + sleep + heart rate correlation)", "mental health monitoring (multi-modal behavioral markers)", "clinical trial endpoint monitoring" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Each device within individual safety bounds; data aggregation requires platform-level health data consent", "sources": [ "Majumder et al. 2017 (Sensors, wearable remote health monitoring)", "Dunn et al. 
2021 (Personalized Medicine, wearables)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cross_device_data_correlation_audit", "health_data_aggregation_monitoring", "platform_API_access_audit" ], "regulations": [ "HIPAA", "GDPR Art. 9", "EU AI Act (high-risk health AI)", "21 CFR Part 11", "proposed digital health regulations" ], "data_classification": "PHI", "safety_ceiling": "Cross-device health profiling exceeds individual device consent; platform-level health data access requires comprehensive informed consent; purpose limitation for health inference" }, "engineering": { "coupling": [ "computational" ], "parameters": { "devices_correlated": "3+ (phone, watch, earbuds)", "sensor_modalities": "10+ across devices", "health_domains_covered": "cardiac, respiratory, neurological, mental, metabolic", "data_aggregation": "platform API (HealthKit/Health Connect) or direct app access" }, "hardware": [ "smartphone", "smartwatch", "consumer_earbuds", "cloud_aggregation_backend" ], "detection": "Cross-app data sharing monitoring, health data API access auditing, unusual data aggregation patterns across device ecosystem" }, "dsm5": { "primary": [ { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement 
disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N7 (PFC/M1) → executive function", "niss_correlation": "CV:I → cognitive/psychotic cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:P/AU:Y/R:A/V:D", "gap_group": 3, "gap_summary": "Comprehensive cross-device health profiling — aggregate health privacy violation far exceeds individual sensor CVSS scores" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-S.HV" ], "note": "Cross-device health profiling feeds comprehensive physiological data harvest" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "IDA" ], "cci": 2.25 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Cross-device correlation via consumer devices", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_chain_synthesis", "original_authors": null, "qif_contribution": "chain_synthesis" }, "technique": "Cross-device physiological correlation (phone + watch + earbuds comprehensive health profiling)", "tara_alias": "TARA-AUT-R-007", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0098", "attack": "WiFi + camera passive surveillance fusion (through-wall presence detection with visual identification)", "tactic": 
"QIF-S.CH", "bands": "S1→S2→S3", "band_ids": [ "S1", "S2", "S3" ], "coupling": "RF", "access": null, "classical": "Yes", "quantum": "No (classical signal fusion)", "sources": [ "Chain synthesis from: QIF-T0084 (rPPG) + QIF-T0090 (WiFi CSI)", "Li et al. 2019 (Wi-Fi See It All: Generative Adversarial Network Augmented Transparent Sensing, ACM SenSys)", "Zhao et al. 2018 (Through-Wall Human Pose Estimation Using Radio Signals, CVPR)" ], "status": "EMERGING", "severity": "critical", "ui_category": "SE", "notes": "WiFi CSI (T0090) provides through-wall presence detection, vital signs, and coarse pose estimation but cannot visually identify targets. Cameras (T0084) provide visual identification and remote PPG but require line of sight. By fusing WiFi CSI and camera data, an attacker achieves persistent surveillance that combines the strengths of both: WiFi tracks targets through walls and identifies them by body shape/gait, while cameras provide visual identification when line of sight is available. The fusion enables: handoff tracking (camera identifies person entering a building, WiFi CSI tracks them inside), activity recognition (WiFi CSI classifies activity, camera confirms), and vital sign correlation (WiFi breathing rate + camera heart rate). Zhao et al. (2018) demonstrated that WiFi signals alone can reconstruct 2D human poses comparable to visual skeleton tracking. 
This creates a surveillance system that requires no devices on the target and works through physical barriers.", "legacy_ids": [], "legacy_technique_id": "T2093", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N", "score": 2.0, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0084", "QIF-T0090", "T1040", "T1557" ], "secondary_tactics": [ "QIF-S.HV", "QIF-D.HV", "QIF-N.SC" ] }, "tara": { "mechanism": "Fusion of WiFi CSI through-wall sensing with camera-based visual identification for persistent surveillance that works through physical barriers", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Ambient assisted living for elderly monitoring", "conditions": [ "elderly fall detection (through-wall + visual confirmation)", "dementia patient monitoring in care facilities", "post-surgical recovery activity monitoring" ], "fda_status": "none", "evidence_level": "preclinical", "safe_parameters": "Standard WiFi power levels; standard camera; passive sensing only; informed consent from all monitored persons", "sources": [ "Zhao et al. 2018 (CVPR, RF-based pose estimation)", "Li et al. 2019 (ACM SenSys, WiFi transparent sensing)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "WiFi_CSI_extraction_detection", "camera_surveillance_audit", "fusion_system_deployment_detection" ], "regulations": [ "Fourth Amendment (US, through-wall surveillance)", "ECPA", "GDPR Art. 
5", "EU AI Act (biometric surveillance)" ], "data_classification": "PII", "safety_ceiling": "Through-wall surveillance constitutes warrantless search in most jurisdictions; requires explicit consent from all monitored persons; deployment detection mechanisms needed" }, "engineering": { "coupling": [ "electromagnetic", "optical" ], "parameters": { "WiFi_detection_range_m": "1-10 through walls", "camera_identification_range_m": "1-50 line of sight", "pose_estimation_accuracy": "comparable to visual skeleton tracking (WiFi alone)", "fusion_strategy": "temporal correlation + identity handoff" }, "hardware": [ "WiFi_AP_with_CSI_support", "RGB_camera", "fusion_backend" ], "detection": "CSI extraction monitoring, camera placement auditing, fusion system network traffic analysis" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Through-wall surveillance fusion; physical privacy intrusion and persistent tracking exceed standard CVSS confidentiality" }, "feeds_into": { "targets": [ "QIF-D.HV", "QIF-N.SC" ], "note": "WiFi + camera fusion feeds comprehensive surveillance and persistent identity tracking" }, "neurorights": { "affected": [ "MP", "DI" ], "cci": 0.9 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "WiFi CSI + RGB cameras both 
available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_chain_synthesis", "original_authors": null, "qif_contribution": "chain_synthesis" }, "technique": "WiFi + camera passive surveillance fusion (through-wall presence detection with visual identification)", "tara_alias": "TARA-SIL-R-014", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0099", "attack": "Consumer-sensor-to-BCI kill chain escalation (pre-implant reconnaissance and cognitive priming via consumer devices)", "tactic": "QIF-S.CH", "bands": "S1→S2→S3→I0→N1→N7", "band_ids": [ "S1", "S2", "S3", "I0", "N1", "N7" ], "coupling": null, "access": null, "classical": "Partial", "quantum": "Enhanced (QI coherence metric monitors S-domain-to-BCI transition integrity)", "sources": [ "Chain synthesis from: S-domain techniques → core TARA BCI techniques", "Yuste et al. 2017 (Four ethical priorities for neurotechnologies and AI, Nature)", "Ienca & Andorno 2017 (Towards new human rights in the age of neuroscience, Life Sciences Society and Policy)", "Landau et al. 2020 (Mind Reading: An Idea Whose Time Has Come?)" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "EX", "notes": "This capstone technique documents the full S-domain-to-BCI escalation kill chain: how consumer sensor exploitation serves as reconnaissance and preparation for subsequent BCI attacks. The chain proceeds in phases: (1) RECON — Consumer sensors (phone, watch, earbuds) establish behavioral baseline: gait patterns (T0088), cardiac signature (T0093), neurological profile (T0089), cognitive patterns (T0085 if VR/AR). (2) FINGERPRINT — Multi-modal biometric fusion (T0096) creates persistent identity profile. 
(3) PROFILE — Cross-device correlation (T0097) builds comprehensive health/cognitive baseline. (4) ESCALATE — When the target receives a BCI (medical implant, consumer neural interface), the attacker's pre-existing profile informs: optimal attack parameters for neural injection (calibrated to individual's neural baseline), personalized evasion of anomaly detection (trained on their 'normal'), and targeted cognitive exploitation (leveraging known cognitive vulnerabilities). The S-domain reconnaissance makes BCI attacks more effective, more targeted, and harder to detect. This technique represents the strategic justification for the entire S-domain: consumer sensors are the advance scout for future BCI exploitation.", "legacy_ids": [], "legacy_technique_id": "T2094", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:H/CV:I/RV:T/NP:T", "score": 4.7, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0001", "QIF-T0003", "QIF-T0041", "QIF-T0074", "QIF-T0088", "QIF-T0089", "QIF-T0093", "QIF-T0095", "QIF-T0096", "QIF-T0097" ], "secondary_tactics": [ "QIF-S.RP", "QIF-S.FP", "QIF-S.HV", "QIF-B.IN", "QIF-C.EX", "QIF-N.SC", "QIF-D.HV" ] }, "tara": { "mechanism": "Full S-domain-to-BCI escalation: consumer sensor reconnaissance builds behavioral/physiological/cognitive baseline that informs and optimizes subsequent BCI attack parameters", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Pre-surgical neurological baseline assessment for BCI implant calibration", "conditions": [ "BCI implant pre-surgical planning (behavioral baseline)", "neural interface calibration (cognitive baseline)", "personalized neuroprosthetic fitting", "rehabilitation baseline assessment" ], "fda_status": "investigational", "evidence_level": "preclinical", "safe_parameters": "Pre-implant assessment conducted under clinical protocol; informed consent for all data collection phases; data used only for therapeutic calibration", "sources": [ "Yuste et 
al. 2017 (Nature, neurotechnology ethics)", "Ienca & Andorno 2017 (neurorights)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cross_domain_escalation_detection", "pre_BCI_reconnaissance_audit", "consumer_to_neural_data_pipeline_monitoring" ], "regulations": [ "All consumer sensor regulations + all BCI regulations apply cumulatively", "proposed neurorights legislation", "EU AI Act", "HIPAA" ], "data_classification": "sensitive_neural", "safety_ceiling": "Consumer sensor data collected pre-BCI must not persist into BCI context without explicit re-consent; S-domain-to-BCI data handoff is a critical consent boundary; cognitive sovereignty requires clean break between consumer and neural data domains" }, "engineering": { "coupling": [ "acoustic", "electromagnetic", "optical", "mechanical", "computational" ], "parameters": { "recon_phase_duration": "weeks to months", "escalation_phases": 4, "data_types": "behavioral + physiological + biometric + cognitive", "BCI_attack_effectiveness_improvement": "estimated 2-5x with S-domain recon" }, "hardware": [ "consumer_phone", "smartwatch", "earbuds", "BCI_implant_or_interface" ], "detection": "S-domain-to-BCI transition monitoring is the critical detection point; consumer data aggregation auditing; BCI calibration data provenance verification" }, "dsm5": { "primary": [ { "code": "F43.2", "name": "Adjustment Disorder", "confidence": "established" }, { "code": "F45", "name": "Somatoform disorders", "confidence": "established" }, { "code": "F44.4", "name": "Conversion Disorder", "confidence": "established" }, { "code": "F20", "name": "Schizophrenia Spectrum", "confidence": "established" }, { "code": "F32", "name": "Major Depressive Disorder", "confidence": "established" }, { "code": "F90", "name": "ADHD", "confidence": "established" }, { "code": "F42", "name": "OCD", "confidence": "established" } ], "secondary": [ { "code": "F82", "name": "Developmental Coordination Disorder", "confidence": "probable" }, { "code": 
"F30", "name": "Manic episode", "confidence": "established" }, { "code": "F43", "name": "PTSD / Trauma", "confidence": "established" }, { "code": "F80", "name": "Communication Disorders", "confidence": "established" }, { "code": "F60", "name": "Personality Disorders", "confidence": "probable" }, { "code": "F63", "name": "Impulse-Control Disorders", "confidence": "probable" }, { "code": "F01", "name": "Vascular dementia", "confidence": "established" }, { "code": "F98.4", "name": "Stereotyped movement disorders", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N7 (PFC/M1) → executive function; I0 (electrode-tissue boundary) → measurement", "niss_correlation": "CR:H,CD:H,CV:I → motor/neurocognitive cluster" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L", "supplemental": "S:P/AU:Y/R:U/V:C", "gap_group": 3, "gap_summary": "Full consumer-to-BCI kill chain — the culmination of all S-domain techniques feeding BCI exploitation; cognitive sovereignty violation at maximum scope; no CVSS equivalent" }, "feeds_into": { "targets": [ "QIF-B.IN", "QIF-N.SC", "QIF-N.IJ", "QIF-C.EX", "QIF-D.HV", "QIF-M.SV" ], "note": "Capstone technique: S-domain reconnaissance feeds all core BCI attack tactics with personalized, pre-calibrated attack parameters" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "IDA", "PC" ], "cci": 2.25 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.2, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer sensor kill chain components all exist today", 
"constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_chain_synthesis", "original_authors": null, "qif_contribution": "chain_synthesis" }, "technique": "Consumer-sensor-to-BCI kill chain escalation (pre-implant reconnaissance and cognitive priming via consumer devices)", "tara_alias": "TARA-COG-R-012", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0100", "attack": "Neural steganographic encoding (inaudible audio watermarking for covert neural command/biofingerprint channel)", "tactic": "QIF-S.CH", "bands": "S3→S1→I0→N1→N4→N7", "band_ids": [ "S3", "S1", "I0", "N1", "N4", "N7" ], "coupling": "ACOUSTIC", "access": null, "classical": "Yes", "quantum": "No", "sources": [ "Deshotels 2014 (Inaudible sound as a covert channel)", "Carrara 2015 (Ultrasonic data transmission)", "Fletcher 1940 (Psychoacoustic masking curves)", "Galambos 1981 (40 Hz auditory steady-state response)", "Persinger 2003 (Infrasonic effects on vestibular system)", "Chaieb et al. 2015 (Neuropsychologia, binaural beat effects)" ], "status": "PLAUSIBLE", "severity": "low", "ui_category": "CI", "notes": "Embedding data in audio signals outside the range of human hearing (>18 kHz ultrasonic or <20 Hz infrasonic) or within psychoacoustic masking bands of audible content. The encoded signal is imperceptible to the listener but decodable by a receiver with knowledge of the encoding scheme. In the adversarial case, the hidden channel carries covert commands, tracking identifiers, or subliminal cues targeting auditory processing pathways (e.g., triggering pre-conditioned responses or influencing decision-making). 
In the protective case, the same physics enables steganographic embedding of neural biofingerprints for authentication — the signal evokes a measurable auditory evoked potential (AEP) unique to the individual's cochlear geometry and auditory cortex response, functioning as a biometric watermark. Initial enrollment/profiling phase required to capture individual's unique AEP response. Practical constraints include target device's ability to accurately reproduce encoded frequencies and effective transmission range (1-10m). Psychoacoustic masking threshold follows: T_mask(f) = L_masker - (sf × |f - f_masker|) where sf is the spreading factor (~25 dB/Bark on upper slope, ~10 dB/Bark on lower slope). Auditory steady-state response (ASSR) at 40 Hz provides the mechanism for neural biofingerprint verification. Proves TARA's cross-domain dual-use thesis: same physics operates as attack vector, defense mechanism, and therapeutic tool.", "legacy_ids": [], "legacy_technique_id": "T2100", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:P/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0072", "QIF-T0073", "QIF-T0074", "QIF-T0079" ], "secondary_tactics": [ "QIF-S.CH", "QIF-S.FP", "QIF-N.SC" ] }, "tara": { "mechanism": "Inaudible audio carriers (ultrasonic 18-22 kHz or infrasonic <20 Hz) or psychoacoustically masked signals embedded within audible content, propagating through consumer audio hardware to auditory nerve and cortex", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Auditory brainstem response (ABR) audiometry, ASSR-based hearing threshold estimation, tinnitus masking therapy", "conditions": [ "ABR audiometry in infants and non-verbal patients", "ASSR hearing threshold estimation", "tinnitus masking therapy (sound-based tinnitus reduction)", "binaural beat therapy for anxiety and sleep disorders (Chaieb et al. 
2015)", "cochlear implant fitting and calibration", "neural authentication for locked-in syndrome patients (AEP-based identity verification)" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Therapeutic audio at safe SPL (<85 dB); ultrasonic carriers within OSHA limits; informed consent for all stimulation protocols", "sources": [ "Galambos 1981 (40 Hz ASSR)", "Chaieb et al. 2015 (Neuropsychologia, binaural beats)", "Kaveh et al. 2020 (IEEE Trans Biomed Eng, in-ear EEG)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "ultrasonic_emission_detection", "psychoacoustic_analysis", "AEP_enrollment_audit", "data_encryption_status" ], "regulations": [ "HIPAA (if health/biometric data derived)", "GDPR Art. 9 (biometric data)", "FCC Part 15 (ultrasonic emissions)" ], "data_classification": "sensitive_biometric", "safety_ceiling": "Audio emissions within consumer SPL limits; informed consent for any biometric enrollment; AEP data encrypted at rest and in transit" }, "engineering": { "coupling": [ "acoustic" ], "parameters": { "carrier_frequency_kHz": "18-22 (ultrasonic) or 0.002-0.020 (infrasonic)", "data_rate_bps": "50-200 (ultrasonic), up to 1000 (spread-spectrum)", "detection_range_m": "1-10", "SNR_requirement_dB": ">10", "encoding_schemes": "FSK, OFDM, spread-spectrum" }, "hardware": [ "consumer_speaker", "consumer_microphone", "DSP_processor" ], "detection": "Spectral analysis of audio output for ultrasonic/infrasonic components, psychoacoustic masking anomaly detection, AEP baseline comparison" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S→I0→N pathway exists but covert channel alone does not induce diagnostic-level effects", "niss_correlation": "CR:L,CD:L — subliminal processing; no tissue damage or neuroplastic change" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "supplemental": 
"S:N/AU:N/R:A/V:D", "gap_group": 1, "gap_summary": "Covert channel partially captured by CVSS confidentiality; neural biofingerprint and subliminal cognitive dimensions not expressible" }, "feeds_into": { "targets": [ "QIF-S.CH", "QIF-S.FP", "QIF-N.SC" ], "note": "Enables covert command channels and biometric authentication; chains with T0072-T0074 audio techniques" }, "neurorights": { "affected": [ "MP", "MI" ], "cci": 0.32 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer speakers and DSP sufficient", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Deshotels 2014", "Carrara 2015", "Fletcher 1940" ], "qif_contribution": "threat_recontextualization" }, "technique": "Neural steganographic encoding (inaudible audio watermarking for covert neural command/biofingerprint channel)", "tara_alias": "TARA-AUD-M-002", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0101", "attack": "Multi-modal keystroke inference via acoustic-optical-RF fusion (password/input recovery without mic/camera permissions)", "tactic": "QIF-S.SC", "bands": "S3→S2→S1", "band_ids": [ "S3", "S2", "S1" ], "coupling": "ACOUSTIC+ELECTROMAGNETIC+OPTICAL", "access": null, "classical": "Yes", "quantum": "No", "sources": [ "Compagno et al. 2017 (Don't Skype & Type: Acoustic Eavesdropping in VoIP)", "Ali et al. 
2015 (WiKey: Keystroke Recognition Using WiFi, MobiCom)", "Spreitzer et al. 2018 (Systematic classification of side-channel attacks on mobile devices, ACM Computing Surveys)", "Zhou et al. 2018 (WiFi CSI human activity recognition survey)", "Giancardo et al. 2016 (Keystroke dynamics for Parkinson's, Scientific Reports)" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "EX", "notes": "Fusion of three independent side channels from a single mobile device to reconstruct user input without requiring microphone, camera, or accessibility permissions. (1) Keystroke acoustic emanations: each key press produces a distinct acoustic signature (1-20 kHz broadband impulse, classifiable via MFCC + CNN at ~95% accuracy on laptops, lower but still viable on touchscreens). (2) Screen optical emission: display luminance changes of ~0.1-1% per character insertion detectable by ambient light sensor at <0.01 lux sensitivity. (3) WiFi CSI: finger movements modulate OFDM subcarrier phase — σ²_phase > threshold indicates keystroke events. Individual channel accuracy: 60-70% acoustic, 40-50% optical, 55-65% WiFi CSI. Fused via CRF/LSTM with temporal cross-correlation alignment: >95% accuracy with 30+ training samples per key. Critical insight: apps requesting speaker + WiFi permissions (trivially granted) achieve side-channel equivalent to camera + microphone (heavily restricted). 
Permission model does not reflect actual threat.", "legacy_ids": [], "legacy_technique_id": "T2101", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:L/CV:P/RV:F/NP:N", "score": 1.4, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0080", "QIF-T0085", "QIF-T0090", "QIF-T0096" ], "secondary_tactics": [ "QIF-S.SC", "QIF-S.RP", "QIF-C.EX" ] }, "tara": { "mechanism": "Temporal fusion of acoustic keystroke emanations, screen optical luminance changes, and WiFi CSI phase variance to reconstruct typed input including passwords", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Sensor fusion for motor disorder assessment and digital biomarker collection", "conditions": [ "early Parkinson's detection via keystroke rhythm changes (Giancardo et al. 2016)", "tremor characterization via mobile phone sensor fusion", "cognitive decline monitoring via screen interaction patterns (Vaportzis et al. 2017)", "depression screening via touchscreen pressure/timing analysis (Zulueta et al. 2018)", "WiFi CSI contactless fall detection in elder care (Wang et al. 2017)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Passive sensor monitoring only; no stimulation; informed consent for behavioral data collection; data anonymized at aggregation", "sources": [ "Giancardo et al. 2016 (Scientific Reports, keystroke Parkinson's)", "Zulueta et al. 2018 (J Med Internet Res, depression digital biomarkers)", "Wang et al. 2017 (WiGest, WiFi-based gesture recognition)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "side_channel_emission_audit", "permission_scope_review", "multi_sensor_correlation_detection" ], "regulations": [ "HIPAA (if health data inferred)", "GDPR Art. 
9 (behavioral biometrics)", "FTC (deceptive data practices)" ], "data_classification": "PII", "safety_ceiling": "Side-channel monitoring requires explicit informed consent; fused biometric/behavioral data subject to data minimization requirements" }, "engineering": { "coupling": [ "acoustic", "electromagnetic", "optical" ], "parameters": { "acoustic_bandwidth_Hz": "1-20000", "optical_sensitivity_lux": "<0.01", "wifi_csi_subcarriers": "52-256", "wifi_csi_rate_Hz": "100-1000", "fusion_accuracy_percent": ">95 (with 30+ training samples/key)", "individual_channel_accuracy": "60-70% acoustic, 40-50% optical, 55-65% CSI" }, "hardware": [ "device_microphone_or_nearby_mic", "ambient_light_sensor", "wifi_chipset_with_CSI" ], "detection": "Anomalous correlation between acoustic/optical/RF sensors, unexpected ambient light sensor polling frequency, WiFi CSI extraction outside normal network operations" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "supplemental": "S:N/AU:Y/R:A/V:D", "gap_group": 2, "gap_summary": "Multi-modal side-channel partially captured by CVSS confidentiality; behavioral biometric inference and permission model gap not expressible" }, "feeds_into": { "targets": [ "QIF-C.EX", "QIF-S.RP" ], "note": "Password recovery enables downstream account compromise; behavioral data feeds cognitive profiling" }, "neurorights": { "affected": [ "MP", "IDA" ], "cci": 0.4 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "SA", "PM" ], "coverage_score": 0.5, "gaps": [ "CVSS partially captures risk; neural dimensions missing", "No FDA pathway for consumer sensor 
exploitation" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Consumer microphone + ALS + WiFi all in current devices", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Compagno et al. 2017", "Ali et al. 2015" ], "qif_contribution": "threat_recontextualization" }, "technique": "Multi-modal keystroke inference via acoustic-optical-RF fusion (password/input recovery without mic/camera permissions)", "tara_alias": "TARA-SIL-R-015", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0102", "attack": "Passive facial geometry estimation via display-as-illuminator inverse photometry (presence/orientation detection without camera)", "tactic": "QIF-S.SC", "bands": "S3→S2", "band_ids": [ "S3", "S2" ], "coupling": "OPTICAL", "access": null, "classical": "Yes", "quantum": "No", "sources": [ "Yang et al. 2016 (Screen light PPG for heart rate)", "Davis et al. 2014 (Visual Microphone, SIGGRAPH)", "de Haan & Jeanne 2013 (Robust pulse rate from chrominance-based rPPG)", "Spreitzer et al. 2018 (Ambient light sensor side channels, ACM Computing Surveys)" ], "status": "SPECULATIVE", "severity": "low", "ui_category": "CI", "notes": "The device display functions as a structured light source — each frame emits a known photon distribution. Reflected light from the user's face is captured by the ambient light sensor (ALS). The known spectral emission S(x,y,λ) and measured reflected irradiance E_sensor = ∫∫ ρ(x,y)cos(θ)S(x,y,λ)/r² dA constrain an inverse photometry problem. 
CRITICAL FEASIBILITY CAVEAT: A single ALS integrates the entire reflected light field into one scalar value, making 3D geometric reconstruction an ill-posed inverse problem. With current single-sensor hardware, achievable resolution is limited to basic presence detection, head orientation, and coarse proximity estimation — NOT high-fidelity facial geometry. Identity matching might be feasible only against a small template library with strong a priori constraints. Future multi-pixel ALS or multi-sensor arrays could significantly improve reconstruction fidelity. Despite geometric limitations, the same ALS reliably detects physiological signals: pulse-modulated skin reflectance for PPG heart rate (demonstrated in Samsung Galaxy phones) and skin color variations for SpO2 estimation.", "legacy_ids": [], "legacy_technique_id": "T2102", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:N/CD:N/CV:P/RV:F/NP:N", "score": 0.7, "severity": "low", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0101", "QIF-T0096" ], "secondary_tactics": [ "QIF-S.SC", "QIF-S.FP" ] }, "tara": { "mechanism": "Display photon emission reflects off user's face; ambient light sensor captures aggregate reflected irradiance; inverse photometry estimates facial presence, orientation, and physiological signals", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Photoplethysmography (PPG) via screen light for contactless vital sign monitoring", "conditions": [ "contactless heart rate monitoring via screen-based PPG (Samsung Galaxy, demonstrated)", "remote SpO2 estimation via skin color variation (de Haan & Jeanne 2013)", "neonatal jaundice screening via skin color analysis from reflected screen light", "facial affect recognition for depression monitoring without camera", "dermatological screening via structured light skin assessment" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Display at normal brightness; passive optical sensing only; no UV/IR 
emission beyond standard display spectrum", "sources": [ "Yang et al. 2016 (screen-based PPG)", "de Haan & Jeanne 2013 (chrominance rPPG)" ] }, "governance": { "consent_tier": "standard", "monitoring": [ "ambient_light_sensor_polling_rate_audit", "screen_content_correlation_detection" ], "regulations": [ "GDPR Art. 9 (biometric/health data)", "HIPAA (if health data derived)", "FTC (deceptive sensor practices)" ], "data_classification": "PII", "safety_ceiling": "Normal display operation; passive sensing; informed consent for any biometric or health data derivation" }, "engineering": { "coupling": [ "optical" ], "parameters": { "display_luminance_nits": "500-1000", "spectral_range_nm": "430-660 (RGB primaries)", "facial_reflectance_albedo": "0.1-0.4", "sensor_face_distance_cm": "20-50", "ALS_sensitivity_lux": "0.001", "ALS_sampling_rate_Hz": "10-200", "achievable_resolution": "presence/orientation/proximity (single ALS); ~10-20 landmarks (multi-sensor, speculative)" }, "hardware": [ "device_display", "ambient_light_sensor" ], "detection": "Anomalous ALS polling frequency, screen content modulation patterns inconsistent with UI rendering, correlation between display changes and ALS readings" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — no neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "supplemental": "S:N/AU:N/R:A/V:D", "gap_group": 1, "gap_summary": "Ambient light sensor side channel partially captured by CVSS; physiological data extraction dimension not expressible" }, "feeds_into": { "targets": [ "QIF-S.FP", "QIF-S.RP" ], "note": "Presence and physiological data feed identity profiling and behavioral reconnaissance" }, "neurorights": { "affected": [ "MP", "IDA" ], "cci": 0.16 }, "regulatory": { "fdora_524b": { "cyber_device": true, 
"prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.4, "gaps": [ "No FDA pathway for consumer sensor exploitation", "Threat not yet in regulatory threat catalogs" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Display and ambient light sensor in all devices", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-02-18" }, "origin": { "category": "qif_recontextualized", "original_authors": [ "Yang et al. 2016", "Davis et al. 2014" ], "qif_contribution": "threat_recontextualization" }, "technique": "Passive facial geometry estimation via display-as-illuminator inverse photometry (presence/orientation detection without camera)", "tara_alias": "TARA-VIS-R-002", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "tara_enrichment_pending": false }, { "id": "QIF-T0103", "attack": "SSVEP Frequency Hijack via Imperceptible Display Flicker", "tactic": "QIF-C.EX", "bands": "S3→N7", "band_ids": [ "S3", "I0", "N7" ], "coupling": null, "access": null, "classical": "Yes (stimulus presentation is classical)", "quantum": "Enhanced (SSVEP coherence exploitable via QI)", "sources": [ "Ming et al. 2023 (J Neural Engineering, 60Hz imperceptible SSVEP, 52.8 bits/min)", "Bian et al. 2022 (J Neural Engineering, SSVEP square wave attacks)", "Upadhayay & Behzadan 2023 (IEEE SMC, sensory-channel BCI attacks)", "Meng et al. 2024 (Future Gen Comp Sys, adversarial EEG filtering)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "PE", "notes": "Exploit the SSVEP pathway by injecting imperceptible display flicker (above critical flicker fusion threshold, ~60Hz) that drives visual cortex responses without user awareness. Proven: Ming et al. 
2023 demonstrated 60Hz flickers invisible to users produce classifiable SSVEP responses at 52.8 bits/min. Attack scenarios: (1) inject false BCI commands by matching SSVEP control frequencies, (2) jam BCI operation with broadband visual noise, (3) exfiltrate neural state via stimulus-response probing, (4) trigger photosensitive seizures at epileptogenic frequencies. Unlike T0040 (neurophishing via app-layer stimuli), this attack operates at the display hardware level and requires no BCI application cooperation. The display itself becomes the attack vector.", "legacy_ids": [], "legacy_technique_id": "T2103", "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:I/RV:P/NP:T", "score": 6.0, "severity": "medium", "pins": false }, "cross_references": { "related_ids": [ "QIF-T0040", "QIF-T0010", "QIF-T0009" ], "secondary_tactics": [ "QIF-N.IJ", "QIF-B.IN" ] }, "tara": { "mechanism": "Display renders imperceptible flicker patterns at frequencies matching SSVEP response bands. Visual cortex phase-locks to stimulus below conscious awareness. BCI decoder interprets evoked response as user command or is jammed by broadband interference.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "High-frequency SSVEP-based BCI for locked-in patients", "conditions": [ "ALS/locked-in syndrome communication (SSVEP-BCI, FDA investigational)", "attention assessment via covert SSVEP monitoring", "visual pathway integrity testing" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "Disclosed frequencies only; avoid epileptogenic bands (15-25 Hz); monitor for photosensitive responses; session duration limits", "sources": [ "Ming et al. 2023 (J Neural Eng)", "Bian et al. 2022 (J Neural Eng)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "display_flicker_audit", "SSVEP_response_monitoring", "seizure_risk_screening" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "IEC 62304 (display firmware)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "No covert visual stimulation; photosensitive epilepsy screening mandatory; display firmware integrity verification" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "frequency_hz": "60+ (above CFF, imperceptible)", "modality": "visual (display backlight or pixel modulation)", "information_rate_bpm": "52.8 (demonstrated)", "attack_range": "line of sight to display" }, "hardware": [ "display_panel", "backlight_controller", "BCI_headset" ], "detection": "Display frame-rate analysis, sub-frame luminance monitoring, SSVEP response correlation with non-user-initiated stimuli, firmware integrity checking on display controllers" }, "dsm5": { "primary": [ { "code": "F44", "name": "Conversion Disorder (functional neurological)", "confidence": "probable" } ], "secondary": [ { "code": "F41", "name": "Anxiety Disorders", "confidence": "probable" }, { "code": "F43.1", "name": "PTSD", "confidence": "theoretical" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "S3 (display) → I0 (retina/optic nerve) → N7 (visual cortex V1) → BCI decoder", "niss_correlation": "BI:L (seizure risk), CR:H,CD:H (false command injection), CV:I (no consent)" }, "icd10": { "primary": [ { "code": "G40.409", "name": "Other generalized epilepsy, not intractable, without status epilepticus", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "cvss": { "version": "4.0", "base_vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:L/SA:N", "supplemental": "S:P/AU:N/R:U/V:C", "gap_group": 3, "gap_summary": "CVSS cannot express neural command injection via visual pathway; seizure induction risk has no CVSS dimension" }, "neurorights": { "affected": [ "MP", "CL", "MI", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": 
false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.4, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation", "Consent complexity under-matches neural impact (CCI/NISS mismatch)" ] } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Standard displays capable of 60Hz+ modulation; SSVEP response demonstrated in literature", "constraint_system_ref": "QIF Derivation Log Entry 66", "analysis_date": "2026-02-18" }, "origin": { "category": "literature", "original_authors": [ "Ming et al. 2023", "Bian et al. 2022", "Upadhayay & Behzadan 2023" ], "qif_contribution": "framework_mapping" }, "technique": "SSVEP Frequency Hijack via Imperceptible Display Flicker", "tara_alias": "TARA-VIS-M-002", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "tara_enrichment_pending": false }, { "id": "QIF-T0104", "attack": "Neural spoofing", "tactic": "QIF-N.IJ", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (coherence metric)", "sources": [ "Lopez Bernal et al. 2023 (CACM, Eight Reasons to Prioritize BCI Cybersecurity)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "SI", "notes": "Forge neural identity to impersonate a legitimate BCI node or user. Analogous to IP/ARP spoofing. From Murcia neural cyberattack taxonomy (8 attacks: flooding, jamming, scanning, selective forwarding, spoofing, sybil, sinkhole, nonce). 
QIF-T0025-T0028 cover 4; this and T0105-T0107 cover the remaining 4.", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:E/RV:P/NP:N", "score": 4.7, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [ "T1656" ] }, "origin": { "category": "literature", "original_authors": [ "Lopez Bernal et al. 2023 (Murcia taxonomy, CACM)" ], "qif_contribution": "framework_mapping" }, "tara_enrichment_pending": false, "technique": "Neural spoofing", "tara_alias": "TARA-SOM-M-004", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MP", "CL", "MI" ], "cci": 0.36 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Forging neural identity signatures to impersonate a legitimate BCI node or user, analogous to IP/ARP spoofing in network security", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Mutual authentication required; cryptographic identity binding at BCI transport layer" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "protocol_layer": "transport/identity", "latency_impact_ms": "variable" }, "hardware": [ "BCI_transceiver", "protocol_analyzer", "signal_generator" ], "detection": "Cryptographic identity verification, behavioral biometric 
consistency, timing analysis" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — BCI protocol spoofing, no direct neural pathway", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "physics_feasibility": { "tier": 0, "tier_label": "no_physics_gate", "timeline": "now", "gate_reason": "Software/protocol attack — physics does not constrain", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0105", "attack": "Neural sybil", "tactic": "QIF-N.IJ", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (coherence metric)", "sources": [ "Lopez Bernal et al. 2023 (CACM, Eight Reasons to Prioritize BCI Cybersecurity)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "SI", "notes": "Create multiple fake neural node identities to overwhelm consensus or trust mechanisms in multi-electrode/multi-node BCI networks. Analogous to Sybil attacks in distributed systems. From Murcia neural cyberattack taxonomy.", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:E/RV:P/NP:N", "score": 4.7, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "literature", "original_authors": [ "Lopez Bernal et al. 
2023 (Murcia taxonomy, CACM)" ], "qif_contribution": "framework_mapping" }, "tara_enrichment_pending": false, "technique": "Neural sybil", "tara_alias": "TARA-SOM-M-005", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MP", "CL", "MI" ], "cci": 0.36 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Creating multiple fake BCI node identities to subvert reputation or consensus mechanisms in distributed neural networks", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Node identity verification; proof-of-work/proof-of-stake for BCI network membership" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "protocol_layer": "network/identity", "sybil_count": "variable" }, "hardware": [ "BCI_transceiver_array", "identity_generator", "network_interface" ], "detection": "Network topology analysis, identity correlation, behavioral fingerprinting" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — distributed BCI network attack", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "physics_feasibility": { "tier": 0, "tier_label": "no_physics_gate", "timeline": "now", "gate_reason": "Software/network attack — physics does not constrain", 
"constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0106", "attack": "Neural sinkhole", "tactic": "QIF-P.DS", "bands": "I0-N2", "band_ids": [ "I0", "N2" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (coherence metric)", "sources": [ "Lopez Bernal et al. 2023 (CACM, Eight Reasons to Prioritize BCI Cybersecurity)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "DS", "notes": "Attract and drop neural signals by advertising a compromised node as optimal routing point. Neural signals are diverted and silently discarded. Analogous to sinkhole attacks in sensor networks. From Murcia neural cyberattack taxonomy.", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:N", "score": 5.4, "severity": "medium", "pins": true, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "literature", "original_authors": [ "Lopez Bernal et al. 
2023 (Murcia taxonomy, CACM)" ], "qif_contribution": "framework_mapping" }, "tara_enrichment_pending": false, "technique": "Neural sinkhole", "tara_alias": "TARA-SOM-D-002", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MP" ], "cci": 0.12 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Attracting and absorbing BCI network traffic by advertising false optimal routing, creating a data collection point analogous to network sinkhole attacks", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "End-to-end encryption; route attestation; multi-path verification" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "protocol_layer": "network/routing", "capture_radius": "variable" }, "hardware": [ "rogue_BCI_hub", "traffic_analyzer", "storage_system" ], "detection": "Route path verification, latency anomaly detection, traffic volume analysis" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — BCI network routing attack", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "physics_feasibility": { "tier": 0, "tier_label": "no_physics_gate", "timeline": "now", "gate_reason": "Software/network attack — physics does not constrain", "constraint_system_ref": 
"QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0107", "attack": "Neural nonce replay", "tactic": "QIF-N.MD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "Enhanced (coherence metric)", "sources": [ "Lopez Bernal et al. 2023 (CACM, Eight Reasons to Prioritize BCI Cybersecurity)" ], "status": "THEORETICAL", "severity": "high", "ui_category": "SI", "notes": "Replay previously valid neural signal nonces to bypass freshness/replay protections. Exploits lack of temporal validation in neural signal authentication. Analogous to nonce replay in cryptographic protocols. From Murcia neural cyberattack taxonomy.", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 5.4, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [ "T1134" ] }, "origin": { "category": "literature", "original_authors": [ "Lopez Bernal et al. 
2023 (Murcia taxonomy, CACM)" ], "qif_contribution": "framework_mapping" }, "tara_enrichment_pending": false, "technique": "Neural nonce replay", "tara_alias": "TARA-SOM-M-006", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MP", "CL", "PC" ], "cci": 0.24 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": true, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Capturing and replaying BCI session nonces or authentication tokens to hijack or duplicate neural data sessions", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Time-bound nonces; anti-replay counters; session binding to hardware attestation" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "protocol_layer": "session/authentication", "replay_window_ms": "variable" }, "hardware": [ "packet_sniffer", "replay_engine", "timing_analyzer" ], "detection": "Sequence number validation, timestamp freshness checks, session binding verification" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — session authentication attack", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "physics_feasibility": { "tier": 0, "tier_label": "no_physics_gate", "timeline": "now", "gate_reason": "Software/protocol attack — physics does not constrain", 
"constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0108", "attack": "Neuromorphic mimicry attack (synaptic weight tampering)", "tactic": "QIF-B.IN", "bands": "S1-S2", "band_ids": [ "S1", "S2" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "No", "sources": [ "arXiv:2505.17094 (2025, Neuromorphic Mimicry Attacks)", "arXiv:2601.16589 (2026, Emerging Threats in Neuromorphic Systems)" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "EX", "notes": "Tamper with synaptic weights or inject poisoned sensory input into neuromorphic/SNN hardware (next-gen BCI processors). Evades traditional IDS by mimicking legitimate neural activity patterns. Input poisoning ~90% success, weight tampering ~83%. Traditional IDS detects only 12-15%.", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:H/CD:H/CV:P/RV:P/NP:N", "score": 4.7, "severity": "medium", "pins": true, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_recontextualized", "original_authors": [ "arXiv:2505.17094 (2025)", "arXiv:2601.16589 (2026)" ], "qif_contribution": "threat_recontextualization" }, "tara_enrichment_pending": false, "technique": "Neuromorphic mimicry attack (synaptic weight tampering)", "tara_alias": "TARA-SIL-M-018", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": false, "neurorights": { "affected": [ "CL", "MI" ], "cci": 0.24 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation" ] } }, "tara": { "mechanism": "Tampering 
with synaptic weight parameters in neuromorphic computing hardware to alter neural network inference without modifying the training data or model architecture", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Cryptographic weight attestation; runtime integrity monitoring; redundant inference paths" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "synaptic_weight_memory", "precision_bits": "8-32", "modification_scope": "targeted_weights" }, "hardware": [ "neuromorphic_chip", "debug_interface", "fault_injection_equipment" ], "detection": "Weight checksum verification, inference output monitoring, behavioral regression testing" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — neuromorphic hardware tampering", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Neuromorphic chips exist (Intel Loihi, IBM TrueNorth) but BCI integration is emerging", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0109", "attack": "Data alignment exploitation", "tactic": "QIF-B.EV", "bands": "S2-I0", "band_ids": [ "S2", "I0" ], "coupling": null, "access": null, "classical": "Yes", "quantum": "No", "sources": [ "Derived from ABAT (Wu et al. 2024, IEEE TNSRE) and A3E (arXiv:2412.11390, 2024) defense papers" ], "status": "THEORETICAL", "severity": "medium", "ui_category": "EX", "notes": "Target the data alignment step used by adversarial defenses (ABAT, A3E). 
If defenders use Euclidean alignment or reference matrices for cross-session EEG normalization, an attacker who can influence alignment reference data can bias the alignment transform, causing downstream misclassification. QIF-derived: inferred from defense architecture analysis.", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:L/CD:L/CV:P/RV:P/NP:N", "score": 3.4, "severity": "low", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Data alignment exploitation", "tara_alias": "TARA-SIL-M-019", "tara_domain_primary": "SIL", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": null, "tara_drift_window": null, "tara_direction": null, "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MP", "MI" ], "cci": 0.24 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "No FDA pathway for consumer sensor exploitation", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Exploiting misalignment between neural data recording parameters and processing pipeline expectations to introduce systematic bias or silent data corruption", "dual_use": "silicon_only", "clinical": null, "governance": { "consent_tier": "standard", "monitoring": [ "firmware_integrity", "access_logging", "network_traffic" ], "regulations": [ "FDA 21 CFR 820", "IEC 62443", "NIST CSF" ], "data_classification": "restricted", "safety_ceiling": "Data pipeline validation; schema enforcement; sampling rate verification at each stage" }, "engineering": { "coupling": [ "electromagnetic" ], 
"parameters": { "target": "data_pipeline", "alignment_parameters": "sampling_rate/bit_depth/channel_mapping" }, "hardware": [ "data_acquisition_system", "processing_pipeline", "storage_backend" ], "detection": "Cross-stage data validation, statistical anomaly detection, pipeline integrity checks" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "S-domain only — data pipeline manipulation", "niss_correlation": "Silicon-only technique — no diagnostic mapping" } }, "physics_feasibility": { "tier": 0, "tier_label": "no_physics_gate", "timeline": "now", "gate_reason": "Software/data pipeline attack — physics does not constrain", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0110", "attack": "Vestibular balance profiling", "tactic": "QIF-S.HV", "bands": "I0", "band_ids": [ "I0" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "SE", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:L/CD:N/CV:E/RV:F/NP:N", "score": 1.7, "severity": "low", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Vestibular balance profiling", "tara_alias": "TARA-VES-R-001", "tara_domain_primary": "VES", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "afferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MP" ], "cci": 0.1 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], 
"coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Passive recording and analysis of vestibular-evoked responses (VEMPs, caloric responses) to profile an individual's balance system characteristics and susceptibility", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Vestibular evoked myogenic potentials (VEMP) testing", "conditions": [ "vestibular neuritis", "Meniere's disease", "superior canal dehiscence", "benign paroxysmal positional vertigo" ], "fda_status": "cleared", "evidence_level": "RCT", "safe_parameters": "Standard audiometric stimulus levels; air-conducted 500 Hz tone bursts at 95-100 dB nHL", "sources": [ "Rosengren et al. 2010 (Clin Neurophysiol)", "Curthoys 2010 (Semin Neurol)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Passive vestibular assessment; standard audiometric safety limits apply" }, "engineering": { "coupling": [ "acoustic", "electromagnetic" ], "parameters": { "frequency_hz": "500", "amplitude_dB_nHL": "95-100", "recording_channels": "cervical/ocular EMG" }, "hardware": [ "acoustic_transducer", "EMG_electrodes", "vestibular_amplifier" ], "detection": "Response latency analysis, amplitude ratio monitoring, habituation pattern tracking" }, "dsm5": { "primary": [], "secondary": [ { "code": "F45.8", "name": "Other Somatoform Disorders", "confidence": "probable" } ], "risk_class": "indirect", "cluster": "non_diagnostic", "pathway": "I0 (vestibular organ) → N1 (vestibular nerve) — profiling only, no direct disruption", "niss_correlation": "Reconnaissance technique — low direct clinical risk" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "VEMP 
testing equipment commercially available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0111", "attack": "GVS motion illusion injection", "tactic": "QIF-N.MD", "bands": "I0-N4", "band_ids": [ "I0", "N1", "N2", "N3", "N4" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:T/NP:T", "score": 4.0, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "GVS motion illusion injection", "tara_alias": "TARA-VES-M-001", "tara_domain_primary": "VES", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "DI", "PC" ], "cci": 0.6 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Galvanic vestibular stimulation (GVS) delivering subthreshold or suprathreshold current to mastoid processes to induce illusory motion perception or postural sway", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Galvanic vestibular stimulation (GVS) therapy", "conditions": [ "bilateral vestibular hypofunction", "Parkinson's gait freezing", "spatial neglect rehabilitation", "motion sickness desensitization" ], "fda_status": 
"investigational", "evidence_level": "RCT", "safe_parameters": "0.5-2.0 mA, bipolar mastoid placement, 10-30 min sessions, sinusoidal or noisy waveform", "sources": [ "Fitzpatrick & Day 2004 (J Appl Physiol)", "Wuehr et al. 2017 (Front Neurol)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "2 mA maximum; continuous postural monitoring; fall prevention required; session limit 30 min" }, "engineering": { "coupling": [ "galvanic" ], "parameters": { "amplitude_mA": "0.5-2.0", "waveform": "sinusoidal/noisy/DC", "duration_min": "10-30", "electrode_placement": "bilateral_mastoid" }, "hardware": [ "constant_current_stimulator", "mastoid_electrodes", "posturography_platform", "safety_harness" ], "detection": "Current amplitude monitoring, postural sway tracking, patient-reported vertigo assessment" }, "dsm5": { "primary": [], "secondary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" }, { "code": "F40.01", "name": "Agoraphobia", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (mastoid electrodes) → N1 (vestibular nerve) → N3 (vestibular nuclei) → N4 (cortical integration)", "niss_correlation": "Vestibular manipulation — motor/balance disruption cluster" }, "icd10": { "primary": [ { "code": "H81.399", "name": "Other peripheral vertigo, unspecified ear", "confidence": "established" }, { "code": "R42", "name": "Dizziness and giddiness", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "GVS devices commercially available; established research tool", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": 
"2026-03-14" } }, { "id": "QIF-T0112", "attack": "Vestibular-ocular reflex manipulation", "tactic": "QIF-N.MD", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:T/NP:T", "score": 4.0, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Vestibular-ocular reflex manipulation", "tara_alias": "TARA-VES-M-002", "tara_domain_primary": "VES", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "DI", "PC" ], "cci": 0.6 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Disrupting the vestibular-ocular reflex (VOR) arc via targeted vestibular stimulation to cause nystagmus, oscillopsia, or gaze instability", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "VOR rehabilitation / caloric testing", "conditions": [ "vestibular hypofunction", "bilateral vestibulopathy", "oscillopsia", "post-surgical vestibular adaptation" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Caloric: 30°C/44°C irrigation; VOR rehab: progressive gaze stabilization exercises", "sources": [ 
"Herdman et al. 2007 (JOSPT)", "Halmagyi et al. 2017 (J Neurol)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Standard caloric test parameters; continuous nystagmus monitoring; anti-emetic available" }, "engineering": { "coupling": [ "galvanic", "acoustic" ], "parameters": { "caloric_temp_C": "30/44", "GVS_mA": "0.5-1.5", "target_reflex": "VOR_arc" }, "hardware": [ "caloric_irrigator", "videonystagmography", "GVS_stimulator", "eye_tracker" ], "detection": "VOR gain monitoring, nystagmus pattern analysis, compensatory saccade detection" }, "dsm5": { "primary": [], "secondary": [ { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (vestibular organ) → N1 (vestibular nerve) → N3 (vestibular nuclei) → N2 (oculomotor nuclei) → VOR arc", "niss_correlation": "VOR disruption — visual-motor coordination cluster" }, "icd10": { "primary": [ { "code": "H81.399", "name": "Other peripheral vertigo, unspecified ear", "confidence": "established" }, { "code": "H55.00", "name": "Unspecified nystagmus", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Caloric testing and VOR assessment equipment standard in vestibular clinics", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0113", "attack": "Cochlear-vestibular crosstalk exploitation", "tactic": "QIF-N.IJ", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "DEMONSTRATED", "severity": "medium", 
"ui_category": "SI", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:T/NP:T", "score": 4.0, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Cochlear-vestibular crosstalk exploitation", "tara_alias": "TARA-VES-M-003", "tara_domain_primary": "VES", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC" ], "cci": 0.36 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA" ], "coverage_score": 0.3, "gaps": [ "CVSS cannot express neural-specific impacts" ] } }, "tara": { "mechanism": "Exploiting the shared innervation of cochlear and vestibular branches of CN VIII to induce vestibular side-effects through auditory stimulation (Tullio phenomenon) or vice versa", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Bone-conducted vibration vestibular rehabilitation", "conditions": [ "superior semicircular canal dehiscence", "Tullio phenomenon", "perilymphatic fistula" ], "fda_status": "cleared", "evidence_level": "cohort", "safe_parameters": "Bone-conducted vibration: 500 Hz, <95 dB nHL; air-conducted: standard audiometric limits", "sources": [ "Minor et al. 1998 (Arch Otolaryngol)", "Watson et al. 
2000 (J Laryngol Otol)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Audiometric safety limits; continuous vestibular symptom monitoring; immediate cessation protocol" }, "engineering": { "coupling": [ "acoustic" ], "parameters": { "frequency_hz": "500-2000", "amplitude_dB": "<95 nHL", "transduction": "bone_or_air_conducted" }, "hardware": [ "audiometric_transducer", "bone_vibrator", "tympanometer", "EMG_VEMP_recorder" ], "detection": "Threshold monitoring, vestibular symptom questionnaire, VEMP amplitude tracking" }, "dsm5": { "primary": [], "secondary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (cochlea/vestibule) → N1 (CN VIII shared innervation) → N3 (vestibular/cochlear nuclei) — crosstalk pathway", "niss_correlation": "Cochlear-vestibular crosstalk — auditory-balance disruption cluster" }, "icd10": { "primary": [ { "code": "H81.399", "name": "Other peripheral vertigo, unspecified ear", "confidence": "established" }, { "code": "H93.19", "name": "Tinnitus, unspecified ear", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Auditory stimulation equipment and VEMP testing commercially available", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0114", "attack": "Vestibular overload (vertigo induction)", "tactic": "QIF-P.DS", "bands": "I0-N4", "band_ids": [ "I0", "N1", "N2", "N3", "N4" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", 
"ui_category": "DS", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:N/CD:H/CV:E/RV:P/NP:T", "score": 5.4, "severity": "medium", "pins": true, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Vestibular overload (vertigo induction)", "tara_alias": "TARA-VES-D-001", "tara_domain_primary": "VES", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "DI", "PC" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Overwhelming the vestibular system via sustained high-intensity stimulation to cause acute vertigo, nausea, spatial disorientation, and postural collapse", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Canalith repositioning (Epley maneuver) / vestibular habituation therapy", "conditions": [ "BPPV", "chronic subjective dizziness", "vestibular migraine", "mal de debarquement" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Epley: single head repositioning sequence; habituation: graded exposure within tolerance", "sources": [ "Hilton & Pinder 2014 (Cochrane Review)", "Bronstein & Lempert 2013 (Practical Neurology)" ] }, "governance": { "consent_tier": "prohibited", "monitoring": [ "detection_only" ], "regulations": [ "Geneva Convention (if weaponized)", "proposed neurorights legislation" ], 
"data_classification": "sensitive_neural", "safety_ceiling": "Overload stimulation exceeds therapeutic parameters — defensive detection only; therapeutic equivalent uses controlled sub-threshold exposure" }, "engineering": { "coupling": [ "galvanic", "acoustic", "mechanical" ], "parameters": { "GVS_mA": ">3.0 (suprathreshold)", "caloric_deviation_C": ">15 from body temp", "rotational_deg_s2": ">100" }, "hardware": [ "high_current_GVS", "caloric_system", "rotary_chair", "posturography" ], "detection": "Vestibular threshold monitoring, postural sway limits, patient distress indicators" }, "dsm5": { "primary": [], "secondary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "established" }, { "code": "F43.0", "name": "Acute Stress Reaction", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (vestibular organ) → N1 (vestibular nerve) → N3 (vestibular nuclei) → N4-N5 (cortical integration) — system overload", "niss_correlation": "Vestibular overload — acute disorientation and trauma cluster" }, "icd10": { "primary": [ { "code": "H81.03", "name": "Meniere's disease, bilateral (iatrogenic analog)", "confidence": "established" }, { "code": "R42", "name": "Dizziness and giddiness", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "GVS and caloric stimulation equipment available; overload parameters achievable with standard hardware", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0115", "attack": "Cumulative tissue excitability shift", "tactic": "QIF-N.IJ", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "SI", "notes": "", "legacy_ids": [], "legacy_technique_id": 
null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:N/CD:L/CV:E/RV:P/NP:P", "score": 5.7, "severity": "medium", "pins": true, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Cumulative tissue excitability shift", "tara_alias": "TARA-SOM-M-007", "tara_domain_primary": "SOM", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "DI", "PC" ], "cci": 0.72 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Chronic subthreshold stimulation causing gradual shift in neural tissue excitability thresholds through long-term potentiation or depression of synaptic efficacy", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Transcranial direct current stimulation (tDCS) long-term protocols", "conditions": [ "chronic pain", "fibromyalgia", "stroke motor recovery", "cognitive enhancement research" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "1-2 mA, 20 min/session, minimum 24h between sessions, cumulative dose tracking", "sources": [ "Bikson et al. 2016 (Brain Stimul)", "Nitsche & Paulus 2011 (J Physiol)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Cumulative dose tracking mandatory; cortical excitability monitoring between sessions; 72h washout if threshold shift detected" }, "engineering": { "coupling": [ "galvanic" ], "parameters": { "amplitude_mA": "0.5-2.0", "session_duration_min": "20", "cumulative_sessions": "10-30", "inter_session_interval_h": ">=24" }, "hardware": [ "tDCS_device", "EEG_monitoring", "cortical_excitability_probe", "dose_tracker" ], "detection": "Longitudinal TMS-evoked potential monitoring, resting motor threshold tracking, EEG spectral shift analysis" }, "dsm5": { "primary": [ { "code": "F45", "name": "Somatoform disorders", "confidence": "probable" } ], "secondary": [ { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (electrodes) → N1-N2 (cortical tissue) → cumulative excitability shift → seizure threshold change", "niss_correlation": "Chronic stimulation — cumulative neuroplasticity disruption" }, "icd10": { "primary": [ { "code": "G40.909", "name": "Epilepsy, unspecified, not intractable, without status epilepticus", "confidence": "probable" } ], "secondary": [ { "code": "G43.909", "name": "Migraine, unspecified, not intractable, without status migrainosus", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "tDCS devices commercially available; cumulative effects documented in literature", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0116", "attack": "Progressive reward pathway desensitization", "tactic": "QIF-N.MD", "bands": "N5-N6", "band_ids": [ "N5", "N6" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": 
[], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:P/NP:S", "score": 6.1, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Progressive reward pathway desensitization", "tara_alias": "TARA-EMO-M-001", "tara_domain_primary": "EMO", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Systematic reduction of dopaminergic reward circuit sensitivity through repeated supraphysiological stimulation, causing anhedonia and motivational deficit", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Deep brain stimulation of nucleus accumbens / ventral capsule", "conditions": [ "treatment-resistant depression", "OCD", "addiction (research)", "anorexia nervosa (research)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Nucleus accumbens DBS: 130 Hz, 1-5V, 60-90 μs pulse width, psychiatric monitoring mandatory", "sources": [ "Bewernick et al. 2010 (Biol Psychiatry)", "Denys et al. 
2020 (Nature Medicine)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Reward circuit stimulation requires psychiatric co-monitoring; hedonic tone assessment at each session; immediate cessation protocol" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "frequency_hz": "130", "amplitude_V": "1-5", "pulse_width_us": "60-90", "target": "nucleus_accumbens/VTA" }, "hardware": [ "DBS_electrode", "IPG_programmer", "psychiatric_assessment_tools", "fMRI_verification" ], "detection": "Anhedonia screening (SHAPS), reward task performance, dopamine metabolite tracking" }, "dsm5": { "primary": [ { "code": "F32.2", "name": "Major Depressive Episode, Severe (anhedonia subtype)", "confidence": "established" }, { "code": "F48.1", "name": "Depersonalization-Derealization Disorder", "confidence": "probable" } ], "secondary": [ { "code": "F10-F19", "name": "Substance Use Disorders (compensatory seeking)", "confidence": "probable" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N3 (nucleus accumbens) → N4 (VTA-prefrontal circuit) → N5 (reward network) — progressive desensitization", "niss_correlation": "Reward pathway desensitization — mood/motivation disruption cluster" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "DBS of reward circuits demonstrated in clinical trials", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0117", "attack": "Incremental memory consolidation interference", "tactic": "QIF-C.EX", "bands": "N6", "band_ids": [ "N6" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", 
"ui_category": "EX", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:P/NP:P", "score": 5.4, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Incremental memory consolidation interference", "tara_alias": "TARA-MEM-D-001", "tara_domain_primary": "MEM", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "PC", "CL" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Targeted disruption of hippocampal sharp-wave ripple complexes during sleep to prevent memory consolidation without affecting other sleep functions", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Targeted memory reactivation (TMR) / sleep-dependent memory consolidation research", "conditions": [ "PTSD (traumatic memory reconsolidation)", "phobias", "addiction cue extinction" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Auditory TMR: <60 dB during slow-wave sleep; closed-loop stimulation during specific sleep phases", "sources": [ "Rasch et al. 2007 (Science)", "Ngo et al. 2013 (Neuron)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Memory consolidation interference requires informed consent for cognitive impact; polysomnographic monitoring mandatory; morning memory assessment" }, "engineering": { "coupling": [ "acoustic", "electromagnetic" ], "parameters": { "target": "hippocampal_SWR", "detection_method": "real-time_EEG", "disruption_timing_ms": "<50 post-ripple-onset" }, "hardware": [ "polysomnograph", "real_time_EEG_processor", "closed_loop_stimulator", "memory_assessment_suite" ], "detection": "Sleep architecture analysis, morning declarative memory testing, hippocampal ripple rate monitoring" }, "dsm5": { "primary": [ { "code": "F06.8", "name": "Other specified mental disorder due to known physiological condition (memory)", "confidence": "established" } ], "secondary": [ { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N3 (hippocampus SWR) → N5 (hippocampal-cortical consolidation) → declarative memory systems", "niss_correlation": "Memory consolidation interference — cognitive/memory disruption cluster" }, "icd10": { "primary": [ { "code": "R41.3", "name": "Other amnesia", "confidence": "established" } ], "secondary": [ { "code": "G47.00", "name": "Insomnia, unspecified", "confidence": "probable" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Closed-loop sleep stimulation demonstrated in research; real-time ripple detection emerging", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0118", "attack": "Cumulative speech degradation", "tactic": "QIF-P.DS", "bands": "N7", "band_ids": [ "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], 
"status": "THEORETICAL", "severity": "medium", "ui_category": "DS", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:P/NP:P", "score": 5.4, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Cumulative speech degradation", "tara_alias": "TARA-LNG-D-001", "tara_domain_primary": "LNG", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC" ], "cci": 0.72 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Progressive degradation of speech motor control through chronic low-level disruption of Broca's area or corticobulbar pathways, causing cumulative articulatory imprecision", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "rTMS of Broca's area for post-stroke aphasia rehabilitation", "conditions": [ "Broca's aphasia", "post-stroke speech recovery", "primary progressive aphasia" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "1 Hz (inhibitory) or 10 Hz (excitatory) rTMS over Broca's area, 80-120% motor threshold, 1000-2000 pulses/session", "sources": [ "Naeser et al. 2005 (Neuroimage)", "Turkeltaub et al. 
2012 (Stroke)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Speech intelligibility monitoring at each session; cumulative dose limit; neuropsychological speech assessment" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "Broca_area/corticobulbar_tract", "frequency_hz": "1-10 (rTMS)", "amplitude_pct_MT": "80-120", "cumulative_pulses": "tracking required" }, "hardware": [ "TMS_coil", "neuronavigation_system", "speech_assessment_software", "EMG_facial_muscles" ], "detection": "Speech intelligibility scoring (UPDRS-speech), articulatory kinematic tracking, fMRI language lateralization" }, "dsm5": { "primary": [ { "code": "F80.2", "name": "Expressive Language Disorder", "confidence": "established" } ], "secondary": [ { "code": "F32.1", "name": "Major Depressive Episode, Moderate", "confidence": "probable" }, { "code": "F40.10", "name": "Social Phobia", "confidence": "probable" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N4 (Broca's area) → N2 (corticobulbar tract) → N1 (cranial motor nuclei) — progressive speech degradation", "niss_correlation": "Speech motor degradation — language/cognitive disruption cluster" }, "icd10": { "primary": [ { "code": "R47.0", "name": "Dysphasia and Aphasia", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "rTMS of Broca's area established in research and clinical practice", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0119", "attack": "Delayed emotional baseline shift", "tactic": "QIF-C.IM", "bands": "N6", "band_ids": 
[ "N6" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "CI", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:P/NP:S", "score": 6.1, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Delayed emotional baseline shift", "tara_alias": "TARA-EMO-M-002", "tara_domain_primary": "EMO", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "L", "tara_drift_window": "months-years", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC", "DI" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": true, "prongs": { "software": true, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SBOM", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Gradual modulation of amygdala-prefrontal connectivity to shift emotional baseline toward persistent dysthymia or anxiety without acute detectable events", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Neurofeedback training for emotional regulation", "conditions": [ "generalized anxiety disorder", "dysthymia", "emotional dysregulation in BPD", "PTSD" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "Real-time fMRI neurofeedback: amygdala down-regulation training, 20-30 min sessions, 6-12 sessions", "sources": [ "Young et al. 2017 (Am J Psychiatry)", "Nicholson et al. 
2017 (NeuroImage)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Longitudinal mood monitoring mandatory; psychiatric oversight; immediate intervention protocol for acute mood shifts" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "amygdala-PFC_connectivity", "modulation_method": "chronic_subthreshold_stimulation", "session_interval_days": "1-7" }, "hardware": [ "tDCS/tACS_device", "fMRI_scanner", "mood_tracking_app", "EEG_monitor" ], "detection": "Longitudinal affect rating scales (PHQ-9, GAD-7), resting-state fMRI connectivity, EEG frontal alpha asymmetry" }, "dsm5": { "primary": [ { "code": "F34.1", "name": "Persistent Depressive Disorder (Dysthymia)", "confidence": "established" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "established" } ], "secondary": [ { "code": "F32.0", "name": "Major Depressive Episode, Mild", "confidence": "probable" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N4 (amygdala) → N5 (PFC connectivity) → N6 (default mode network) — slow emotional baseline drift", "niss_correlation": "Emotional baseline shift — mood/anxiety disruption cluster" } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Real-time fMRI neurofeedback demonstrated; chronic subthreshold protocols emerging", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0120", "attack": "Latent cognitive decline via chronic electrode micromotion", "tactic": "QIF-P.DS", "bands": "I0-N7", "band_ids": [ "I0", "N1", "N2", "N3", "N4", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], 
"status": "THEORETICAL", "severity": "medium", "ui_category": "DS", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:N/CD:H/CV:E/RV:P/NP:P", "score": 6.1, "severity": "medium", "pins": true, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Latent cognitive decline via chronic electrode micromotion", "tara_alias": "TARA-COG-D-005", "tara_domain_primary": "COG", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "L", "tara_drift_window": "months-years", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "PC", "DI" ], "cci": 0.72 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Chronic micromotion of implanted electrodes causing progressive gliosis, impedance drift, and degradation of neural recording/stimulation fidelity, leading to gradual cognitive decline", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Chronic DBS electrode maintenance / impedance management", "conditions": [ "DBS electrode revision", "chronic implant biocompatibility", "recording electrode longevity" ], "fda_status": "approved", "evidence_level": "cohort", "safe_parameters": "Impedance monitoring <5% drift/month; electrode repositioning protocol; biocompatible coatings", "sources": [ "Polikov et al. 2005 (J Neurosci Methods)", "Barrese et al. 
2013 (J Neural Eng)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Longitudinal impedance tracking; cognitive assessment battery; electrode replacement protocol when drift exceeds threshold" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "electrode_type": "penetrating/surface", "gliosis_onset_weeks": "2-6", "impedance_drift_pct_month": "variable" }, "hardware": [ "implanted_electrode_array", "impedance_spectroscopy", "cognitive_assessment_suite" ], "detection": "Longitudinal impedance trending, signal-to-noise ratio monitoring, periodic neuropsychological testing" }, "dsm5": { "primary": [ { "code": "F06.7", "name": "Mild Neurocognitive Disorder due to another medical condition", "confidence": "established" } ], "secondary": [ { "code": "F32.1", "name": "Major Depressive Episode, Moderate", "confidence": "probable" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "I0 (electrode-tissue interface) → gliosis → impedance change → recording degradation → cognitive function decline", "niss_correlation": "Chronic electrode micromotion — progressive cognitive decline cluster" }, "icd10": { "primary": [ { "code": "R41.89", "name": "Other symptoms involving cognitive functions and awareness", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Electrode micromotion and gliosis well-documented in chronic implant literature", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0121", "attack": 
"Sleep architecture manipulation", "tactic": "QIF-N.MD", "bands": "N2-N4", "band_ids": [ "N2", "N3", "N4" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:T/NP:T", "score": 4.0, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Sleep architecture manipulation", "tara_alias": "TARA-AUT-M-002", "tara_domain_primary": "AUT", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "L", "tara_drift_window": "months-years", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "PC", "DI", "CL" ], "cci": 1.2 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Targeted alteration of sleep stage architecture via closed-loop stimulation during specific sleep phases to disrupt restorative sleep without preventing sleep onset", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Closed-loop auditory stimulation for slow-wave sleep enhancement", "conditions": [ "insomnia", "sleep-dependent memory consolidation disorders", "age-related sleep degradation", "PTSD nightmares" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "Phase-locked auditory clicks at <60 dB during slow-wave up-states; 8h monitoring sessions", "sources": [ "Ngo 
et al. 2013 (Neuron)", "Leminen et al. 2017 (Sci Rep)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Full polysomnographic monitoring; daytime sleepiness assessment (Epworth); cognitive testing next morning; cumulative sleep debt tracking" }, "engineering": { "coupling": [ "acoustic", "electromagnetic" ], "parameters": { "target_phase": "slow_wave_up-state", "stimulus_dB": "<60", "detection_latency_ms": "<100", "night_coverage_pct": "continuous" }, "hardware": [ "polysomnograph", "real_time_EEG_processor", "phase_locked_audio_system", "actigraphy" ], "detection": "Sleep stage distribution analysis, slow-wave density tracking, next-day vigilance testing (PVT)" }, "dsm5": { "primary": [], "secondary": [ { "code": "F32.0", "name": "Major Depressive Episode, Mild", "confidence": "probable" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N3 (thalamic sleep nuclei) → N5 (cortical slow-wave generators) → sleep architecture disruption → daytime cognitive/mood effects", "niss_correlation": "Sleep architecture manipulation — cognitive/mood degradation cluster" }, "icd10": { "primary": [ { "code": "G47.00", "name": "Insomnia, unspecified", "confidence": "established" }, { "code": "G47.8", "name": "Other sleep disorders", "confidence": "established" } ], "secondary": [ { "code": "R41.89", "name": "Other symptoms involving cognitive functions and awareness", "confidence": "probable" } ], "risk_class": "direct", "cluster": "mood_trauma" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Closed-loop sleep stimulation demonstrated in multiple research labs", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { 
"id": "QIF-T0122", "attack": "Chronic epileptogenic focus creation (kindling)", "tactic": "QIF-P.DS", "bands": "N6", "band_ids": [ "N6" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DS", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:C/CR:N/CD:C/CV:E/RV:I/NP:S", "score": 8.4, "severity": "high", "pins": true, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Chronic epileptogenic focus creation (kindling)", "tara_alias": "TARA-AUT-D-002", "tara_domain_primary": "AUT", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "P", "tara_drift_window": "permanent", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "PC", "DI", "CL" ], "cci": 2.0 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Repeated low-intensity electrical stimulation (kindling paradigm) creating a self-sustaining epileptogenic focus that persists after stimulation cessation", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Kindling model in epilepsy research (preclinical)", "conditions": [ "temporal lobe epilepsy (research model)", "seizure threshold testing" ], "fda_status": "not_applicable", "evidence_level": "preclinical", "safe_parameters": "Animal research only; no human therapeutic application of kindling — represents a harm model", "sources": [ "Goddard et al. 
1969 (Exp Neurol)", "Morimoto et al. 2004 (Prog Neurobiol)" ] }, "governance": { "consent_tier": "prohibited", "monitoring": [ "detection_only" ], "regulations": [ "Geneva Convention (if weaponized)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Kindling is a harm model — no therapeutic application. Detection and prevention only. Any deliberate kindling in humans would constitute criminal assault" }, "engineering": { "coupling": [ "galvanic" ], "parameters": { "amplitude_uA": "100-500 (subconvulsive)", "frequency_hz": "60", "daily_stimulations": "1-2", "duration_s": "1-2", "kindling_threshold_days": "10-30" }, "hardware": [ "implanted_depth_electrodes", "programmable_stimulator", "EEG_monitoring", "seizure_detection_system" ], "detection": "Afterdischarge duration monitoring, EEG epileptiform spike detection, seizure threshold tracking" }, "dsm5": { "primary": [], "secondary": [ { "code": "F06.8", "name": "Other specified mental disorder due to known physiological condition", "confidence": "established" }, { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (implanted electrodes) → N3 (amygdala/hippocampus) → kindling → self-sustaining epileptogenic focus", "niss_correlation": "Epileptogenic focus creation — irreversible neurological harm cluster" }, "icd10": { "primary": [ { "code": "G40.209", "name": "Localization-related epilepsy, not intractable, without status epilepticus", "confidence": "established" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Kindling paradigm well-established in animal models; mechanism applies to any implanted BCI electrode", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0123", "attack": "Structural motor 
pathway reorganization", "tactic": "QIF-N.MD", "bands": "N5-N7", "band_ids": [ "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:P/NP:S", "score": 6.1, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Structural motor pathway reorganization", "tara_alias": "TARA-MOT-M-003", "tara_domain_primary": "MOT", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "P", "tara_drift_window": "permanent", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "PC", "DI" ], "cci": 0.72 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Chronic manipulation of motor cortex stimulation parameters causing maladaptive cortical reorganization of motor maps, leading to persistent motor control changes", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Motor cortex rTMS / tDCS for stroke rehabilitation", "conditions": [ "post-stroke motor recovery", "cerebral palsy motor rehabilitation", "dystonia", "phantom limb pain" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "10 Hz excitatory rTMS over ipsilesional M1, 80-120% MT, 1000-3000 pulses/session, 10-20 sessions", "sources": [ "Lefaucheur et al. 
2014 (Clin Neurophysiol)", "Hummel & Cohen 2006 (Stroke)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Motor mapping assessment at each session; grip strength/dexterity monitoring; immediate cessation if motor deficit emerges" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "primary_motor_cortex", "frequency_hz": "1-20 (rTMS)", "amplitude_pct_MT": "80-120", "sessions": "10-20" }, "hardware": [ "TMS_coil", "neuronavigation", "motor_assessment_suite", "EMG_monitoring" ], "detection": "Motor evoked potential (MEP) mapping, grip dynamometry, finger tapping speed, cortical motor map tracking" }, "dsm5": { "primary": [ { "code": "F44.4", "name": "Conversion Disorder (Functional motor symptom)", "confidence": "established" } ], "secondary": [ { "code": "F32.1", "name": "Major Depressive Episode, Moderate", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N4 (motor cortex) → N2 (corticospinal tract) → N1 (motor neurons) — chronic maladaptive reorganization", "niss_correlation": "Motor pathway reorganization — chronic motor control disruption cluster" }, "icd10": { "primary": [ { "code": "G25.8", "name": "Other specified extrapyramidal and movement disorders", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Motor cortex stimulation and cortical reorganization well-documented", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0124", "attack": "Autobiographical narrative coherence disruption", "tactic": "QIF-C.EX", "bands": "N6-N7", 
"band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "EX", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:C/CV:E/RV:P/NP:S", "score": 6.4, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Autobiographical narrative coherence disruption", "tara_alias": "TARA-IDN-D-002", "tara_domain_primary": "IDN", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "P", "tara_drift_window": "permanent", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "PC", "MI", "CL" ], "cci": 1.44 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Disrupting hippocampal-prefrontal circuits responsible for autobiographical memory retrieval and self-narrative coherence, causing fragmented sense of personal history", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "ECT (electroconvulsive therapy) / TMS for treatment-resistant depression", "conditions": [ "treatment-resistant depression", "dissociative disorders (research)", "PTSD (narrative restructuring)" ], "fda_status": "approved", "evidence_level": "meta_analysis", "safe_parameters": "ECT: brief-pulse, right unilateral, 6x seizure threshold; TMS: standard safety guidelines", "sources": [ "UK ECT Review Group 2003 (Lancet)", "Kellner et al. 
2012 (Am J Psychiatry)" ] }, "governance": { "consent_tier": "prohibited", "monitoring": [ "detection_only" ], "regulations": [ "Geneva Convention (if weaponized)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Identity disruption requires highest-tier consent; psychiatric evaluation before and after; narrative coherence assessment mandatory" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "hippocampal-PFC_circuit", "modulation": "inhibitory/disruptive", "sessions": "cumulative" }, "hardware": [ "TMS_coil/ECT_device", "neuropsychological_test_battery", "autobiographical_memory_assessment" ], "detection": "Autobiographical memory interview (AMI), narrative coherence scoring, self-continuity scales" }, "dsm5": { "primary": [ { "code": "F44.0", "name": "Dissociative Amnesia", "confidence": "established" }, { "code": "F48.1", "name": "Depersonalization-Derealization Disorder", "confidence": "established" } ], "secondary": [ { "code": "F44.81", "name": "Dissociative Identity Disorder", "confidence": "probable" }, { "code": "F43.1", "name": "Post-Traumatic Stress Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "persistent_personality", "pathway": "N5 (hippocampal-PFC network) → N6 (default mode network) → N7 (self-narrative integration) — identity coherence disruption", "niss_correlation": "Identity/narrative disruption — personality/dissociative cluster" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "ECT and TMS effects on autobiographical memory well-documented", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0125", "attack": "Longitudinal neural fingerprint extraction", "tactic": "QIF-D.HV", "bands": "N7", "band_ids": [ "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", 
"severity": "medium", "ui_category": "SE", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:N/CV:I/RV:F/NP:N", "score": 2.7, "severity": "low", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Longitudinal neural fingerprint extraction", "tara_alias": "TARA-IDN-R-005", "tara_domain_primary": "IDN", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "afferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MP", "PC" ], "cci": 0.24 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Longitudinal collection of stable neural response patterns (ERP latencies, spectral fingerprints, connectivity signatures) to build a persistent biometric identifier that survives session boundaries", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "ERP/EEG biomarker tracking for treatment response monitoring", "conditions": [ "depression treatment monitoring (P300 amplitude)", "ADHD diagnosis (theta/beta ratio)", "Alzheimer's staging (EEG slowing)" ], "fda_status": "cleared", "evidence_level": "cohort", "safe_parameters": "Passive EEG recording; no stimulation; data minimization and de-identification required", "sources": [ "Polich 2007 (Clin Neurophysiol)", "Marcel & Millan 2007 (IEEE TBME)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" 
], "regulations": [ "HIPAA", "GDPR Art. 9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Neural biometric data at highest protection tier; purpose limitation; right to deletion; no cross-session linking without explicit consent" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "recording_channels": "32-256 EEG", "features": "ERP_latency/spectral_power/connectivity", "temporal_stability": "months-years" }, "hardware": [ "EEG_cap", "high_density_amplifier", "feature_extraction_pipeline", "biometric_database" ], "detection": "Neural fingerprint template comparison, cross-session correlation analysis, de-identification audit" }, "dsm5": { "primary": [], "secondary": [ { "code": "F41.1", "name": "Generalized Anxiety Disorder (surveillance awareness)", "confidence": "probable" } ], "risk_class": "indirect", "cluster": "non_diagnostic", "pathway": "Passive recording — no direct neural disruption; risk is informational (identity/privacy)", "niss_correlation": "Reconnaissance technique — primary risk is privacy, not clinical harm" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "EEG biometric identification demonstrated with >95% accuracy in research", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0126", "attack": "Progressive visual response mapping", "tactic": "QIF-S.HV", "bands": "N7", "band_ids": [ "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "SE", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:N/CR:H/CD:N/CV:E/RV:F/NP:N", "score": 2.1, "severity": "low", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, 
"qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Progressive visual response mapping", "tara_alias": "TARA-VIS-R-003", "tara_domain_primary": "VIS", "tara_domain_secondary": [], "tara_mode": "R", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "afferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MP" ], "cci": 0.1 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Systematic mapping of visual evoked potentials and steady-state visual evoked potentials (SSVEPs) across stimulus parameters to profile visual cortex response characteristics", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Visual evoked potential (VEP) diagnostics", "conditions": [ "optic neuritis (MS diagnosis)", "amblyopia assessment", "cortical visual impairment", "visual field mapping" ], "fda_status": "cleared", "evidence_level": "meta_analysis", "safe_parameters": "Pattern-reversal VEP: checkerboard at 1-2 reversals/s; flash VEP: standard photometric limits", "sources": [ "Odom et al. 2016 (Doc Ophthalmol, ISCEV standard)", "Zemon & Gordon 2006 (Clin Neurophysiol)" ] }, "governance": { "consent_tier": "enhanced", "monitoring": [ "signal_quality", "data_encryption_status", "access_audit_log" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "21 CFR Part 11", "IEC 62304" ], "data_classification": "sensitive_neural", "safety_ceiling": "Standard VEP testing parameters; photosensitive epilepsy screening mandatory; data minimization" }, "engineering": { "coupling": [ "optical" ], "parameters": { "stimulus_type": "pattern_reversal/flash/SSVEP", "frequency_hz": "1-30", "luminance_cd_m2": "standard_photometric" }, "hardware": [ "visual_stimulus_display", "EEG_recording", "photometric_calibrator" ], "detection": "Response characteristic profiling, habituation tracking, cross-session comparison analysis" }, "dsm5": { "primary": [], "secondary": [], "risk_class": "none", "cluster": "non_diagnostic", "pathway": "Passive visual response mapping — no direct disruption; reconnaissance only", "niss_correlation": "Reconnaissance technique — no clinical risk from profiling alone" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "VEP and SSVEP testing equipment standard in clinical and research settings", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0127", "attack": "Acute fear circuit activation", "tactic": "QIF-C.EX", "bands": "N6", "band_ids": [ "N6" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "EX", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:T/NP:T", "score": 4.0, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Acute fear circuit activation", "tara_alias": "TARA-EMO-M-003", "tara_domain_primary": "EMO", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "A", "tara_drift_window": 
"immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Direct stimulation of amygdala fear circuits to induce acute fear, panic, or threat-perception states without external environmental threat", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "DBS of amygdala / extinction learning facilitation", "conditions": [ "treatment-resistant PTSD", "phobia extinction (research)", "anxiety disorders (DBS research)" ], "fda_status": "investigational", "evidence_level": "case_series", "safe_parameters": "Amygdala DBS: low-frequency (5-10 Hz), 1-3V, with psychiatric monitoring and emergency anxiolytic protocol", "sources": [ "Langevin et al. 2016 (J Neuropsychiatry)", "Koek et al. 
2014 (Biol Psychiatry)" ] }, "governance": { "consent_tier": "prohibited", "monitoring": [ "detection_only" ], "regulations": [ "Geneva Convention (if weaponized)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Fear circuit activation is a harm vector outside controlled research; detection and prevention only; anxiolytic rescue protocol required" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "amygdala/bed_nucleus_stria_terminalis", "frequency_hz": "5-10", "amplitude_V": "1-3", "pulse_width_us": "60-90" }, "hardware": [ "DBS_electrode", "IPG_programmer", "real_time_EEG", "heart_rate_variability_monitor", "anxiolytic_rescue" ], "detection": "Skin conductance response, heart rate variability shift, EEG theta power increase, subjective fear rating" }, "dsm5": { "primary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "established" }, { "code": "F43.0", "name": "Acute Stress Reaction", "confidence": "established" } ], "secondary": [ { "code": "F43.1", "name": "Post-Traumatic Stress Disorder", "confidence": "probable" }, { "code": "F40.2", "name": "Specific Phobias", "confidence": "probable" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N3 (amygdala) → N4 (hypothalamus/PAG) → N1 (autonomic nervous system) — acute fear circuit activation", "niss_correlation": "Fear circuit activation — acute anxiety/trauma cluster" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Amygdala DBS demonstrated in clinical research; fear responses documented", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0128", "attack": "Hedonic tone suppression", "tactic": "QIF-N.MD", "bands": "N5-N6", "band_ids": [ "N5", "N6" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", 
"ui_category": "DM", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:P/NP:P", "score": 5.4, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Hedonic tone suppression", "tara_alias": "TARA-EMO-M-004", "tara_domain_primary": "EMO", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Suppression of ventral striatum and orbitofrontal cortex reward-related activity to reduce hedonic tone, causing loss of pleasure in normally enjoyable activities", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "DBS of subcallosal cingulate / ventral capsule for depression", "conditions": [ "treatment-resistant depression", "anhedonia", "bipolar depression (research)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Subcallosal cingulate DBS: 130 Hz, 3-6V, 90 μs; psychiatric monitoring at 2-week intervals", "sources": [ "Mayberg et al. 2005 (Neuron)", "Holtzheimer et al. 2012 (Arch Gen Psychiatry)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Hedonic tone assessment at each visit (SHAPS); suicidality screening; immediate intervention if anhedonia score exceeds threshold" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "ventral_striatum/OFC/subcallosal_cingulate", "frequency_hz": "130", "amplitude_V": "3-6", "pulse_width_us": "90" }, "hardware": [ "DBS_electrode", "IPG_programmer", "anhedonia_assessment_tools", "fMRI_verification" ], "detection": "SHAPS scoring, reward task fMRI, EEG frontal theta asymmetry, behavioral activation level" }, "dsm5": { "primary": [ { "code": "F32.2", "name": "Major Depressive Episode, Severe (anhedonia)", "confidence": "established" }, { "code": "F34.1", "name": "Persistent Depressive Disorder (Dysthymia)", "confidence": "established" } ], "secondary": [ { "code": "F48.1", "name": "Depersonalization-Derealization Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N3 (ventral striatum) → N4 (OFC) → N5 (reward network) — hedonic suppression", "niss_correlation": "Hedonic suppression — anhedonia/depression cluster" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Subcallosal cingulate DBS demonstrated in clinical trials; reward circuit modulation documented", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0129", "attack": "Emotional flooding (affect overload)", "tactic": "QIF-P.DS", "bands": "N6", "band_ids": [ "N6" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DS", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:T/NP:T", "score": 4.0, "severity": "medium", "pins": 
false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Emotional flooding (affect overload)", "tara_alias": "TARA-EMO-D-001", "tara_domain_primary": "EMO", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC", "DI" ], "cci": 1.8 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Simultaneous overstimulation of multiple limbic structures (amygdala, insula, anterior cingulate) to overwhelm emotional regulation capacity, causing uncontrollable affect surges", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Emotional processing therapy / exposure therapy (controlled activation)", "conditions": [ "PTSD (controlled exposure)", "panic disorder (interoceptive exposure)", "borderline PD (affect regulation training)" ], "fda_status": "not_applicable", "evidence_level": "RCT", "safe_parameters": "Exposure therapy: graded, within window of tolerance; never simultaneous multi-structure stimulation", "sources": [ "Foa et al. 
2007 (Prolonged Exposure Therapy for PTSD)", "Linehan 1993 (DBT manual)" ] }, "governance": { "consent_tier": "prohibited", "monitoring": [ "detection_only" ], "regulations": [ "Geneva Convention (if weaponized)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Emotional flooding exceeds any therapeutic parameter — detection and prevention only; therapeutic analog uses controlled graded exposure" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "targets": "amygdala/insula/ACC simultaneous", "amplitude": "suprathreshold", "modulation": "excitatory" }, "hardware": [ "multi_electrode_DBS", "real_time_affect_monitoring", "emergency_sedation_protocol" ], "detection": "Heart rate variability collapse, skin conductance spike, EEG high-frequency burst, behavioral distress indicators" }, "dsm5": { "primary": [ { "code": "F43.0", "name": "Acute Stress Reaction", "confidence": "established" }, { "code": "F60.3", "name": "Borderline Personality Disorder (affect instability)", "confidence": "probable" } ], "secondary": [ { "code": "F44.2", "name": "Dissociative Stupor", "confidence": "probable" }, { "code": "F43.1", "name": "Post-Traumatic Stress Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "mood_trauma", "pathway": "N3-N4 (amygdala/insula/ACC simultaneous) → N5 (prefrontal overwhelm) → affective flooding", "niss_correlation": "Emotional flooding — acute trauma/dissociation cluster" } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Multi-target DBS requires high-density electrode arrays; components exist but integration is emerging", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0130", "attack": "Empathy circuit disruption", "tactic": "QIF-C.EX", "bands": "N6-N7", "band_ids": [ "N6", "N7" ], "coupling": null, "access": null, "classical": true, "quantum": 
false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "EX", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:P/NP:P", "score": 5.4, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Empathy circuit disruption", "tara_alias": "TARA-EMO-D-002", "tara_domain_primary": "EMO", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "C", "tara_drift_window": "weeks-months", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "PC", "CL" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Disruption of mirror neuron system and anterior insula circuits responsible for empathic processing, causing diminished affective empathy while potentially preserving cognitive empathy", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "TMS of temporoparietal junction for social cognition research", "conditions": [ "autism spectrum (social cognition research)", "conduct disorder (empathy research)", "psychopathy (neural correlates research)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "1 Hz inhibitory rTMS over TPJ/anterior insula, standard safety guidelines, empathy assessment before/after", "sources": [ "Young et al. 2010 (PNAS, TPJ and moral judgment)", "Lamm et al. 
2011 (Neurosci Biobehav Rev)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Empathy assessment mandatory at each session; immediate cessation if empathy scores drop below clinical threshold; social functioning monitoring" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "anterior_insula/TPJ/mirror_neuron_system", "frequency_hz": "1 (inhibitory rTMS)", "amplitude_pct_MT": "80-110" }, "hardware": [ "TMS_coil", "neuronavigation", "empathy_assessment_battery", "social_cognition_tasks" ], "detection": "Empathy quotient (EQ) scoring, facial affect recognition testing, skin conductance to emotional stimuli" }, "dsm5": { "primary": [ { "code": "F60.2", "name": "Antisocial Personality Disorder (acquired empathy deficit)", "confidence": "probable" }, { "code": "F94.1", "name": "Reactive Attachment Disorder", "confidence": "probable" } ], "secondary": [ { "code": "F60.3", "name": "Borderline Personality Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "persistent_personality", "pathway": "N4 (anterior insula/TPJ) → N5 (mirror neuron network) → N6 (social cognition network) — empathy circuit disruption", "niss_correlation": "Empathy disruption — personality/social functioning cluster" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "TMS of TPJ and effects on moral/empathic judgment demonstrated in research", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0131", "attack": "Speech production hijacking", "tactic": "QIF-N.IJ", "bands": "N7", "band_ids": [ "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], 
"status": "THEORETICAL", "severity": "medium", "ui_category": "SI", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:T/NP:T", "score": 4.0, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Speech production hijacking", "tara_alias": "TARA-LNG-M-001", "tara_domain_primary": "LNG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Injection of motor commands into speech production pathways via stimulation of motor cortex mouth/larynx areas, causing involuntary vocalizations or speech", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Speech neuroprosthesis / brain-to-speech BCI", "conditions": [ "locked-in syndrome", "ALS (speech loss)", "post-stroke aphasia", "laryngeal dystonia" ], "fda_status": "breakthrough", "evidence_level": "cohort", "safe_parameters": "Speech neuroprosthesis: decode-only with user-initiated trigger; no involuntary output", "sources": [ "Willett et al. 2023 (Nature)", "Moses et al. 
2021 (N Engl J Med)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "impedance", "stimulation_waveform", "tissue_temperature", "patient_response" ], "regulations": [ "FDA 510(k)/PMA", "IEC 60601-1", "ISO 80601-2-10", "21 CFR 882" ], "data_classification": "PHI", "safety_ceiling": "Speech output must require user-initiated trigger; involuntary speech production is a harm vector; kill switch mandatory" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "ventral_premotor/M1_larynx", "decode_method": "neural_speech_decoding", "latency_ms": "<100" }, "hardware": [ "high_density_ECoG", "speech_decoder", "speech_synthesizer", "safety_interlock" ], "detection": "Involuntary vocalization detection, EMG laryngeal monitoring, patient intent verification" }, "dsm5": { "primary": [ { "code": "F44.4", "name": "Conversion Disorder (speech symptom)", "confidence": "established" }, { "code": "F95.1", "name": "Chronic Vocal Tic Disorder", "confidence": "probable" } ], "secondary": [ { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" }, { "code": "F40.10", "name": "Social Phobia", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N4 (ventral premotor cortex) → N2 (corticobulbar tract) → N1 (laryngeal motor neurons) — speech motor hijacking", "niss_correlation": "Speech production hijacking — motor/language disruption cluster" } }, "physics_feasibility": { "tier": 1, "tier_label": "near_term", "timeline": "2026-2031", "gate_reason": "Brain-to-speech BCIs demonstrated; bidirectional speech control emerging", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0132", "attack": "Comprehension interference", "tactic": "QIF-N.MD", "bands": "N7", "band_ids": [ "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": 
"DM", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:N/CD:H/CV:E/RV:T/NP:T", "score": 4.0, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Comprehension interference", "tara_alias": "TARA-LNG-M-002", "tara_domain_primary": "LNG", "tara_domain_secondary": [], "tara_mode": "M", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "PC" ], "cci": 0.48 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Disruption of Wernicke's area and auditory association cortex processing to impair language comprehension while preserving speech production and hearing", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "rTMS of Wernicke's area for tinnitus / auditory hallucinations", "conditions": [ "auditory hallucinations in schizophrenia", "tinnitus", "Wernicke's aphasia rehabilitation" ], "fda_status": "investigational", "evidence_level": "RCT", "safe_parameters": "1 Hz inhibitory rTMS over left temporoparietal cortex, 80-110% MT, 1000-2000 pulses/session", "sources": [ "Hoffman et al. 2005 (Arch Gen Psychiatry)", "Kindler et al. 2014 (Biol Psychiatry)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 
9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Language comprehension testing at each session (Token Test); immediate cessation if comprehension drops below safety threshold" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "Wernicke_area/posterior_STG", "frequency_hz": "1 (inhibitory)", "amplitude_pct_MT": "80-110" }, "hardware": [ "TMS_coil", "neuronavigation", "language_assessment_battery", "audiometric_equipment" ], "detection": "Token Test performance, semantic priming task, word-sentence verification, ERP N400 monitoring" }, "dsm5": { "primary": [ { "code": "F80.1", "name": "Receptive Language Disorder", "confidence": "established" } ], "secondary": [ { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" }, { "code": "F32.0", "name": "Major Depressive Episode, Mild", "confidence": "probable" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "N4 (Wernicke's area) → N5 (auditory association cortex) → language comprehension network — receptive aphasia", "niss_correlation": "Comprehension interference — language/cognitive disruption cluster" }, "icd10": { "primary": [ { "code": "R47.0", "name": "Dysphasia and Aphasia (receptive)", "confidence": "established" } ], "risk_class": "direct", "cluster": "cognitive_psychotic" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "rTMS of Wernicke's area and effects on language comprehension well-established", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0133", "attack": "Visual cortex overstimulation", "tactic": "QIF-P.DS", "bands": "N7", "band_ids": [ "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DS", "notes": "", "legacy_ids": [], 
"legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:N/CD:H/CV:E/RV:P/NP:T", "score": 5.4, "severity": "medium", "pins": true, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Visual cortex overstimulation", "tara_alias": "TARA-VIS-D-001", "tara_domain_primary": "VIS", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "CL", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Excessive photic or electrical stimulation of primary visual cortex (V1) to induce phosphenes, visual distortion, cortical spreading depression, or photosensitive seizures", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Visual cortex prosthesis (Orion / Second Sight) / phosphene mapping", "conditions": [ "cortical blindness (visual prosthesis)", "amblyopia treatment (research)", "migraine with aura (research model)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Visual prosthesis: charge-balanced biphasic pulses, <100 μC/cm², individual threshold mapping", "sources": [ "Beauchamp et al. 
2020 (Cell)", "Dobelle 2000 (ASAIO J)" ] }, "governance": { "consent_tier": "prohibited", "monitoring": [ "detection_only" ], "regulations": [ "Geneva Convention (if weaponized)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Overstimulation exceeds therapeutic parameters — detection and prevention only; therapeutic visual prostheses use carefully mapped individual thresholds" }, "engineering": { "coupling": [ "electromagnetic", "optical" ], "parameters": { "target": "V1/visual_cortex", "charge_density_uC_cm2": ">100 (overstimulation)", "flash_frequency_hz": ">3 (seizure risk range)" }, "hardware": [ "cortical_electrode_array", "visual_stimulator", "EEG_seizure_detection", "emergency_protocols" ], "detection": "EEG epileptiform activity monitoring, pupillary response tracking, subjective visual disturbance reporting" }, "dsm5": { "primary": [], "secondary": [ { "code": "F41.0", "name": "Panic Disorder", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "N4 (V1) → cortical spreading depression → N3 (thalamic relay) — visual cortex overload cascade", "niss_correlation": "Visual cortex overstimulation — seizure/sensory disruption cluster" }, "icd10": { "primary": [ { "code": "G40.409", "name": "Other generalized epilepsy, not intractable, without status epilepticus", "confidence": "established" }, { "code": "H53.10", "name": "Unspecified subjective visual disturbances", "confidence": "established" } ], "secondary": [ { "code": "G43.909", "name": "Migraine, unspecified, not intractable, without status migrainosus", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Visual cortex stimulation and photosensitive seizure induction well-documented", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": 
"2026-03-14" } }, { "id": "QIF-T0134", "attack": "Cochlear implant overstimulation", "tactic": "QIF-P.DS", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DS", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:H/CR:N/CD:H/CV:E/RV:P/NP:T", "score": 5.4, "severity": "medium", "pins": true, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Cochlear implant overstimulation", "tara_alias": "TARA-AUD-D-001", "tara_domain_primary": "AUD", "tara_domain_secondary": [], "tara_mode": "D", "tara_drift": "A", "tara_drift_window": "immediate", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "MI", "CL", "DI", "PC" ], "cci": 0.96 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": true, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Delivery of excessive electrical stimulation through cochlear implant electrodes to cause pain, acoustic shock, tinnitus, or vestibular side-effects via current spread to adjacent structures", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Cochlear implant therapy", "conditions": [ "sensorineural hearing loss", "congenital deafness", "single-sided deafness", "auditory neuropathy" ], "fda_status": "approved", "evidence_level": "meta_analysis", "safe_parameters": "Device-specific (Cochlear, MED-EL, AB): charge-balanced biphasic, <30 μC/phase, individual 
comfort levels", "sources": [ "Wilson & Dorman 2008 (JASA)", "Zeng et al. 2008 (IEEE Rev Biomed Eng)" ] }, "governance": { "consent_tier": "prohibited", "monitoring": [ "detection_only" ], "regulations": [ "Geneva Convention (if weaponized)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Overstimulation exceeds device comfort levels — detection and prevention only; cochlear implants use individual threshold/comfort mapping" }, "engineering": { "coupling": [ "galvanic" ], "parameters": { "electrode_count": "12-22", "charge_per_phase_uC": ">30 (overstimulation)", "rate_pps": ">3000 (overdriven)" }, "hardware": [ "cochlear_implant_processor", "electrode_array", "impedance_telemetry", "pain_detection_system" ], "detection": "Impedance telemetry, loudness discomfort level monitoring, vestibular symptom screening, patient distress indicators" }, "dsm5": { "primary": [], "secondary": [ { "code": "F43.0", "name": "Acute Stress Reaction", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive", "pathway": "I0 (cochlear electrode array) → N1 (auditory nerve) → N3 (cochlear nucleus) — overstimulation with vestibular crosstalk", "niss_correlation": "Cochlear overstimulation — auditory damage/vestibular disruption cluster" }, "icd10": { "primary": [ { "code": "H93.13", "name": "Tinnitus, bilateral (iatrogenic)", "confidence": "established" }, { "code": "H83.3X3", "name": "Noise effects on inner ear, bilateral", "confidence": "established" } ], "secondary": [ { "code": "H81.399", "name": "Other peripheral vertigo, unspecified ear (current spread)", "confidence": "probable" } ], "risk_class": "direct", "cluster": "motor_neurocognitive" } }, "physics_feasibility": { "tier": 0, "tier_label": "feasible_now", "timeline": "now", "gate_reason": "Cochlear implants widely deployed; overstimulation a known device safety concern", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": 
"2026-03-14" } }, { "id": "QIF-T0135", "attack": "Neural pathway chaining (off-target propagation exploitation)", "tactic": "QIF-N.MD", "bands": "I0-N7", "band_ids": [ "I0", "N1", "N2", "N3", "N4", "N5", "N6", "N7" ], "coupling": null, "access": null, "classical": true, "quantum": false, "sources": [], "status": "THEORETICAL", "severity": "medium", "ui_category": "DM", "notes": "", "legacy_ids": [], "legacy_technique_id": null, "niss": { "version": "1.1", "vector": "NISS:1.1/BI:L/CR:H/CD:H/CV:E/RV:P/NP:T", "score": 5.4, "severity": "medium", "pins": false, "components": null }, "cross_references": { "related_ids": [] }, "origin": { "category": "qif_theoretical", "original_authors": null, "qif_contribution": "original_derivation" }, "tara_enrichment_pending": false, "technique": "Neural pathway chaining (off-target propagation exploitation)", "tara_alias": "TARA-COG-M-012", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MOT", "EMO" ], "tara_mode": "M", "tara_drift": "L", "tara_drift_window": "months-years", "tara_direction": "efferent", "use_context_tags": [], "biological_target": true, "neurorights": { "affected": [ "CL", "MI", "DI", "PC" ], "cci": 0.72 }, "regulatory": { "fdora_524b": { "cyber_device": false, "prongs": { "software": false, "network_connectable": false, "vulnerable": true }, "applicable_requirements": [ "TM", "VA", "SA", "PM" ], "coverage_score": 0.1, "gaps": [ "CVSS cannot express neural-specific impacts", "Threat not yet in regulatory threat catalogs" ] } }, "tara": { "mechanism": "Exploiting neural pathway interconnectedness to cause stimulation effects that propagate beyond the intended target region, producing off-target cognitive, motor, or emotional effects through synaptic connectivity", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Connectome-informed DBS targeting / network-level stimulation", "conditions": [ "treatment-resistant depression (network-based DBS)", "OCD (ALIC/VC-VS DBS with off-target effects)", 
"essential tremor (VIM DBS)" ], "fda_status": "investigational", "evidence_level": "cohort", "safe_parameters": "Connectome mapping before stimulation; current steering to minimize spread; multi-domain monitoring", "sources": [ "Horn et al. 2017 (NeuroImage)", "Riva-Posse et al. 2018 (Biol Psychiatry)" ] }, "governance": { "consent_tier": "IRB", "monitoring": [ "cognitive_assessment", "behavioral_tracking", "informed_consent_renewal" ], "regulations": [ "HIPAA", "GDPR Art. 9", "Common Rule (45 CFR 46)", "proposed neurorights legislation" ], "data_classification": "sensitive_neural", "safety_ceiling": "Multi-domain assessment mandatory (motor + cognitive + emotional + sensory); connectome mapping before stimulation; current field modeling to predict propagation" }, "engineering": { "coupling": [ "electromagnetic" ], "parameters": { "target": "primary_target_variable", "propagation_pathways": "white_matter_tracts", "spread_radius_mm": "variable", "current_steering": "directional" }, "hardware": [ "directional_DBS_leads", "connectome_mapping_MRI", "current_field_modeler", "multi_domain_assessment_suite" ], "detection": "Multi-domain neuropsychological monitoring, current field modeling validation, off-target effect screening battery" }, "dsm5": { "primary": [ { "code": "F06.8", "name": "Other specified mental disorder due to known physiological condition", "confidence": "established" } ], "secondary": [ { "code": "F44.4", "name": "Conversion Disorder", "confidence": "probable" }, { "code": "F41.1", "name": "Generalized Anxiety Disorder", "confidence": "probable" }, { "code": "F32.0", "name": "Major Depressive Episode, Mild", "confidence": "probable" } ], "risk_class": "direct", "cluster": "cognitive_psychotic", "pathway": "Primary target → white matter tracts → off-target cortical/subcortical regions — unpredictable propagation cascade", "niss_correlation": "Off-target propagation — multi-domain unpredictable disruption" } }, "physics_feasibility": { "tier": 0, 
"tier_label": "feasible_now", "timeline": "now", "gate_reason": "Off-target DBS effects well-documented in clinical literature; pathway propagation is inherent to neural stimulation", "constraint_system_ref": "QIF Derivation Log Entry 60", "analysis_date": "2026-03-14" } }, { "id": "QIF-T0136", "attack": "Transcranial photobiomodulation (670/808nm)", "tactic": "QIF-E.RD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "CONFIRMED", "severity": "low", "ui_category": "EX", "classical": "Yes", "quantum": "No", "tara_alias": "TARA-EMO-M-005", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "COG", "SER" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Propagating NIR photons (670/808nm) absorbed by mitochondrial cytochrome c oxidase (CCO) in dopaminergic neurons. CCO activation increases ATP production, upregulates tyrosine hydroxylase (TH) and VMAT2 expression over days-weeks. Neuroprotective, not acutely stimulatory. 
Requires cofactor readiness (Fe2+, BH4, B6).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Transcranial photobiomodulation for Parkinson's disease neuroprotection", "conditions": [ "Parkinson's disease", "neurodegeneration", "traumatic brain injury" ], "fda_status": "investigational", "evidence_level": "preclinical_strong" }, "governance": { "consent_tier": "standard", "data_classification": "non_sensitive", "safety_ceiling": "ANSI Z136.1 skin MPE: 330 mW/cm2 at 808nm" } }, "sources": [ "Oueslati 2015 DOI:10.1371/journal.pone.0140880", "Gordon 2023 DOI:10.1111/ejn.15973", "Gu 2017 DOI:10.1016/j.cellsig.2017.06.007", "Mohammed 2023 DOI:10.1007/s43630-023-00497-z (5-HT + NE restoration via CCO)" ] }, { "id": "QIF-T0137", "attack": "UCNP-mediated optogenetic dopamine release (980nm)", "tactic": "QIF-N.NM", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_alias": "TARA-EMO-M-006", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "COG", "MOT" ], "tara_mode": "M", "physics_feasibility": { "tier": 1, "tier_label": "near_term" }, "tara": { "mechanism": "980nm NIR excitation of NaYF4:Yb/Tm upconversion nanoparticles (UCNPs) injected into VTA. UCNPs emit 450/475nm blue light locally, activating ChR2 channelrhodopsin expressed in dopaminergic neurons via viral vector. Triggers acute dopamine release on millisecond timescale. 
Requires both genetic modification (ChR2 expression) and NP injection (neurosurgery).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Deep brain optogenetic stimulation for Parkinson's disease", "conditions": [ "Parkinson's disease", "depression", "addiction" ], "fda_status": "none", "evidence_level": "preclinical" }, "governance": { "consent_tier": "IRB", "data_classification": "sensitive_neural", "safety_ceiling": "Requires stereotactic neurosurgery + gene therapy" } }, "sources": [ "Gong 2018 DOI:10.1126/science.aaq1144", "Liu 2021 DOI:10.1038/s41467-021-25993-7" ] }, { "id": "QIF-T0138", "attack": "HUP photovoltaic nanoparticle dopamine stimulation (980nm)", "tactic": "QIF-N.NM", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "status": "EMERGING", "severity": "high", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_alias": "TARA-EMO-M-007", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "COG", "MOT" ], "tara_mode": "M", "physics_feasibility": { "tier": 1, "tier_label": "near_term" }, "tara": { "mechanism": "980nm NIR excitation of hybrid upconversion-photovoltaic (HUP) nanoparticles (NaYF4:Yb/Tm + WO3-x nanorods) injected into VTA. UCNPs upconvert to 450nm; WO3-x generates capacitive photocurrent that depolarizes neurons directly. NO genetic modification required. Triggers acute dopamine release. 
78% Y-maze place preference in mice.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Non-genetic deep brain photovoltaic stimulation", "conditions": [ "Parkinson's disease", "depression" ], "fda_status": "none", "evidence_level": "preclinical" }, "governance": { "consent_tier": "IRB", "data_classification": "sensitive_neural", "safety_ceiling": "39.2 W/cm2 at VTA (mouse); human safety not established" } }, "sources": [ "Jin 2025 DOI:10.1126/sciadv.adt4771" ] }, { "id": "QIF-T0139", "attack": "Photothermal gold nanoparticle TRPV1 dopamine activation", "tactic": "QIF-N.NM", "bands": "I0-N2", "band_ids": [ "I0", "N1", "N2" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_alias": "TARA-EMO-M-008", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "SOM" ], "tara_mode": "M", "physics_feasibility": { "tier": 1, "tier_label": "near_term" }, "tara": { "mechanism": "NIR light (680-1100nm, tunable by nanorod aspect ratio) absorbed by antibody-conjugated gold nanorods at neuronal membrane. Photothermal conversion raises local temperature above 43.8C TRPV1 activation threshold. Ca2+ influx triggers action potential. DA-specific effect inferred but not directly demonstrated in VTA. 
Narrow thermal safety window (43.8-47C).", "dual_use": "possible", "clinical": { "therapeutic_analog": "Wireless photothermal deep brain stimulation", "conditions": [ "Parkinson's disease" ], "fda_status": "none", "evidence_level": "preclinical" }, "governance": { "consent_tier": "IRB", "data_classification": "sensitive_neural", "safety_ceiling": "TRPV1 activation 43.8C; neuron damage >60C; 3-7C margin" } }, "sources": [ "Carvalho-de-Souza 2015 DOI:10.1016/j.neuron.2015.02.033" ] }, { "id": "QIF-T0140", "attack": "Infrared neural stimulation (1875nm fiber contact)", "tactic": "QIF-N.MD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "SI", "classical": "Yes", "quantum": "No", "tara_alias": "TARA-SOM-M-008", "tara_domain_primary": "SOM", "tara_domain_secondary": [ "AUD" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Pulsed 1875nm IR light delivered via contact fiber optic. Water absorption generates localized thermal transient (1-10C rise) activating TRPV4 channels and membrane capacitance changes. NOT applied to dopamine neurons. Demonstrated in cochlear, vestibular, spinal nerve, somatosensory cortex. 
Safety ratio only 2:1 (damage threshold to stimulation threshold).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Optical cochlear implant, infrared nerve stimulation", "conditions": [ "hearing loss", "peripheral neuropathy" ], "fda_status": "investigational", "evidence_level": "clinical_pilot" }, "governance": { "consent_tier": "enhanced", "data_classification": "PHI", "safety_ceiling": "Damage threshold 0.3-0.4 J/cm2; narrow 2:1 ratio" } }, "sources": [ "Cayce 2011 DOI:10.1016/j.neuroimage.2011.03.084", "Pan 2023 DOI:10.1016/j.brs.2023.01.006" ] }, { "id": "QIF-T0141", "attack": "Magnetothermal nanoparticle TRPV1 stimulation (AMF)", "tactic": "QIF-E.RD", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "EX", "classical": "Yes", "quantum": "No", "tara_alias": "TARA-EMO-M-009", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "MOT" ], "tara_mode": "M", "physics_feasibility": { "tier": 1, "tier_label": "near_term" }, "tara": { "mechanism": "Alternating magnetic field (160-570 kHz, NOT optical) drives hysteretic heating of injected iron-oxide or ferrite nanoparticles. Local temperature rise >43.8C activates TRPV1 channels. Reversed Parkinson's symptoms in MPTP/6-OHDA mice. WARNING: iron-oxide NPs in VTA/SNc add exogenous iron to brain regions where Fenton chemistry is a neurotoxicity risk. 
10ug/ml ferric oxide depleted cellular DA by 68% in 24hrs (Imam 2015).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Magnetothermal deep brain stimulation for Parkinson's", "conditions": [ "Parkinson's disease" ], "fda_status": "none", "evidence_level": "preclinical" }, "governance": { "consent_tier": "IRB", "data_classification": "sensitive_neural", "safety_ceiling": "TRPV1 thermal window; iron accumulation toxicity risk" } }, "sources": [ "Hescham 2021 DOI:10.1038/s41467-021-25837-4", "Imam 2015 PMID:26099304" ] }, { "id": "QIF-T0142", "attack": "SICI-TMS GABA-A cortical inhibition (short-interval paired-pulse)", "tactic": "QIF-N.MD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MOT", "AUT" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Paired-pulse TMS: subthreshold conditioning stimulus (70-80% RMT) at ISI 1-5ms activates synaptic GABA-A inhibitory interneurons. Benzodiazepine-sensitive (gamma2 subunit). 
Distinct from T0009 (RF) and T0010 (ELF) by magnetic induction via contact coil + paired-pulse paradigm targeting GABA-A specifically.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Diagnostic SICI for ALS, stroke biomarker", "conditions": [ "ALS diagnosis", "stroke motor mapping" ], "fda_status": "cleared", "evidence_level": "clinical_validated" }, "governance": { "consent_tier": "enhanced", "data_classification": "PHI", "safety_ceiling": "Conditioning pulse subthreshold 70-80% RMT; ISI 1-5ms" } }, "sources": [ "Kujirai 1993 J Physiol 471:501-519 PMID:8120818" ], "tara_alias": "TARA-COG-M-013" }, { "id": "QIF-T0143", "attack": "LICI-TMS GABA-B long-interval cortical inhibition (suprathreshold paired-pulse)", "tactic": "QIF-N.MD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "AUT", "EMO" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Paired-pulse TMS: suprathreshold conditioning at ISI 50-200ms (peak 80-135ms) activates GABA-B metabotropic receptors. Gi-coupled GIRK K+ channel hyperpolarization. Pharmacologically distinct from SICI: baclofen enhances LICI, benzodiazepines do not. 
Maps directly to GABA-B IPSP kinetics.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "LICI biomarker for epilepsy, TBI", "conditions": [ "epilepsy biomarker", "traumatic brain injury" ], "fda_status": "cleared", "evidence_level": "clinical_validated" }, "governance": { "consent_tier": "enhanced", "data_classification": "PHI", "safety_ceiling": "Suprathreshold CS; standard rTMS safety guidelines" } }, "sources": [ "Valls-Sole 1992 PMID:1282453", "McDonnell 2006 PMID:16489434 DOI:10.1007/s00221-006-0365-2" ], "tara_alias": "TARA-COG-M-014" }, { "id": "QIF-T0144", "attack": "cTBS GABAergic LTD interneuron upregulation (theta-burst GABA increase)", "tactic": "QIF-N.MD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "CONFIRMED", "severity": "high", "ui_category": "DS", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MOT" ], "tara_mode": "D", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Continuous theta-burst stimulation (50Hz triplets at 5Hz, 40s, 600 pulses, ~80% AMT) induces LTD-like cortical suppression lasting 30-60min with MRS-confirmed GABA increase in M1. Distinct from SICI/LICI (paired-pulse) and T0010 (ELF entrainment). 
The GABA increase is a neuroplasticity response, not acute receptor activation.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "cTBS for depression, chronic pain, post-stroke", "conditions": [ "treatment-resistant depression", "chronic pain", "stroke rehabilitation" ], "fda_status": "cleared", "evidence_level": "clinical_validated" }, "governance": { "consent_tier": "enhanced", "data_classification": "PHI", "safety_ceiling": "Max 40s train; epilepsy absolute contraindication" } }, "sources": [ "Huang 2005 Neuron DOI:10.1016/j.neuron.2004.12.033", "Stagg 2009 J Neurophysiol DOI:10.1152/jn.91060.2008 PMID:19339458" ], "tara_alias": "TARA-COG-D-006" }, { "id": "QIF-T0145", "attack": "Anodal tDCS polarity-specific GABA depletion (MRS-measured)", "tactic": "QIF-N.MD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MOT", "EMO" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Anodal tDCS (1-2mA, 10-20min, M1) reduces cortical GABA 10-30% (7T MRS, Stagg 2009). Polarity-specific: anodal reduces GABA only; cathodal reduces both GABA and glutamate (coupled). 
Distinct from T0001 (generic signal injection) by NT-specific polarity asymmetry not captured in T0001.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Anodal tDCS for stroke motor rehab, depression", "conditions": [ "stroke rehabilitation", "depression", "working memory" ], "fda_status": "investigational", "evidence_level": "clinical_pilot" }, "governance": { "consent_tier": "standard", "data_classification": "sensitive_neural", "safety_ceiling": "1-2mA max; 40min/session; no epileptic foci" } }, "sources": [ "Stagg 2009 J Neurosci DOI:10.1523/JNEUROSCI.4432-08.2009 PMID:19386916" ], "tara_alias": "TARA-COG-M-015" }, { "id": "QIF-T0146", "attack": "Gamma-tACS PV-interneuron GABA-A modulation (40Hz contact entrainment)", "tactic": "QIF-E.RD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MOT" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "40Hz tACS via contact electrodes drives PV+ fast-spiking GABAergic interneurons phase-locked at gamma. Sustained >10min: duration-dependent GABA-A decrease (SICI-measured, Nowak 2017). 
Distinct from T0010 (non-contact ELF) and GENUS (sensory, no electrodes).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Gamma-tACS for Parkinson's motor restoration", "conditions": [ "Parkinson's disease", "motor learning" ], "fda_status": "investigational", "evidence_level": "clinical_pilot" }, "governance": { "consent_tier": "standard", "data_classification": "sensitive_neural", "safety_ceiling": "1-2mA; screen for photosensitive epilepsy" } }, "sources": [ "Nowak 2017 J Neurosci DOI:10.1523/JNEUROSCI.0098-17.2017 PMID:28373400" ], "tara_alias": "TARA-COG-M-016" }, { "id": "QIF-T0147", "attack": "FUS thalamic GABAergic suppression (acoustic GABA reduction)", "tactic": "QIF-E.RD", "bands": "I0-N2", "band_ids": [ "I0", "N1", "N2" ], "status": "DEMONSTRATED", "severity": "high", "ui_category": "DS", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "SOM", "AUT" ], "tara_mode": "D", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Transcranial focused ultrasound (0.25MHz, 100ms pulses) targeting thalamus reduces extracellular GABA ~20% without glutamate change (Yang 2012, rat microdialysis). Acoustic radiation force activates mechanosensitive channels (Piezo1/TREK). Thalamic reticular nucleus is almost entirely GABAergic — reducing thalamic GABA disrupts thalamocortical gating, sleep oscillations, consciousness. 
First acoustic NT-specific TARA technique.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "LIFU for essential tremor, disorders of consciousness", "conditions": [ "essential tremor", "disorders of consciousness", "epilepsy" ], "fda_status": "cleared", "evidence_level": "preclinical_strong" }, "governance": { "consent_tier": "enhanced", "data_classification": "sensitive_neural", "safety_ceiling": "ISPTA <720 mW/cm2 (FDA diagnostic); MRI guidance for thalamic targeting" } }, "sources": [ "Yang 2012 Neuropsychobiology DOI:10.1159/000336001 PMID:22378299" ], "tara_alias": "TARA-COG-D-007" }, { "id": "QIF-T0148", "attack": "GENUS gamma-sensory entrainment of PV+ GABAergic interneurons (non-contact 40Hz)", "tactic": "QIF-E.RD", "bands": "N1-N3", "band_ids": [ "N1", "N2", "N3" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "VIS", "AUD" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "40Hz visual LED flicker and/or auditory click trains (1hr/day) entrain PV+ fast-spiking GABAergic interneurons via endogenous sensory pathway resonance. Iaccarino 2016 (Nature): 40Hz-specific (not 20Hz, not 80Hz) PV interneuron drive reduces amyloid ~50% in 5XFAD mice, activates microglia. No electrode contact required. 
Distinct from T0103 (SSVEP hijack targets BCI signal spoofing, not interneuron NT modulation).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "GENUS for Alzheimer's (MIT/Cognito Therapeutics Phase 2/3)", "conditions": [ "Alzheimer's disease", "cognitive impairment" ], "fda_status": "investigational", "evidence_level": "clinical_pilot" }, "governance": { "consent_tier": "standard", "data_classification": "non_sensitive", "safety_ceiling": "Screen for photosensitive epilepsy; 40Hz auditory safe" } }, "sources": [ "Iaccarino 2016 Nature DOI:10.1038/nature20587 PMID:27929004" ], "tara_alias": "TARA-COG-M-017" }, { "id": "QIF-T0149", "attack": "Implanted VNS cholinergic cortical manipulation via nucleus basalis", "tactic": "QIF-N.MD", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "status": "CONFIRMED", "severity": "high", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MOT", "EMO", "AUT" ], "tara_mode": "M", "physics_feasibility": { "tier": 1, "tier_label": "near_term" }, "tara": { "mechanism": "Implanted cervical VNS cuff electrode activates vagal afferents -> NTS -> nucleus basalis of Meynert (NBM) -> cortical ACh release via mAChR. Scopolamine eliminates VNS cortical effects (Nichols 2011). ACh reinforcement selectively consolidates active motor circuits (Bowles 2022). Pre-condition: surgical implant. 
FDA-approved platform (LivaNova).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "VNS for epilepsy, depression, stroke rehab", "conditions": [ "epilepsy", "treatment-resistant depression", "stroke rehabilitation" ], "fda_status": "approved", "evidence_level": "clinical_validated" }, "governance": { "consent_tier": "IRB", "data_classification": "PHI", "safety_ceiling": "25Hz, 0.5ms PW, max 3.5mA; cardiovascular monitoring" } }, "sources": [ "Bowles 2022 DOI:10.1016/j.neuron.2022.06.017 PMID:35858623", "Nichols 2011 DOI:10.1016/j.neuroscience.2011.05.024 PMID:21627982" ], "tara_alias": "TARA-COG-M-018" }, { "id": "QIF-T0150", "attack": "Transcutaneous auricular VNS (tVNS) cholinergic modulation", "tactic": "QIF-E.RD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "DEMONSTRATED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "EMO", "AUT" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Transcutaneous electrical stimulation of auricular branch of vagus nerve (ABVN) at cymba conchae (100% ABVN innervation). Activates NTS -> cholinergic relay. EEG microstate changes confirmed. P300 modulation demonstrated. Peripheral: alpha7 nAChR anti-inflammatory pathway. No surgery. 
Wearable ear clip (CE-marked Nemos).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "tVNS for epilepsy, depression, Alzheimer's", "conditions": [ "epilepsy", "depression", "Alzheimer's disease", "PTSD" ], "fda_status": "cleared", "evidence_level": "clinical_pilot" }, "governance": { "consent_tier": "standard", "data_classification": "sensitive_neural", "safety_ceiling": "25Hz, 250us PW, <8mA; cymba conchae" } }, "sources": [ "Yap 2020 PMID:33355897 DOI:10.2147/NDT.S251188", "PMID:32992726 PMC7599782" ], "tara_alias": "TARA-COG-M-019" }, { "id": "QIF-T0151", "attack": "TMS cholinergic cortical perturbation via mAChR (40-63ms TEP)", "tactic": "QIF-E.RD", "bands": "I0-N1", "band_ids": [ "I0", "N1" ], "status": "EMERGING", "severity": "medium", "ui_category": "EX", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MEM" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Single-pulse TMS over SMA elicits TMS-evoked potentials (TEPs) suppressed by endogenous mAChR cholinergic tone. Scopolamine increases TEP at 40-63ms and enhances alpha synchronization. Distinct from SICI (GABA-A, ISI 1-5ms). 
Attack: TMS perturbation reveals/perturbs cholinergic status in BCI user.", "dual_use": "probable", "clinical": { "therapeutic_analog": "TMS-EEG biomarker for Alzheimer's cholinergic deficit", "conditions": [ "Alzheimer's disease", "cholinergic monitoring" ], "fda_status": "none", "evidence_level": "preclinical_strong" }, "governance": { "consent_tier": "enhanced", "data_classification": "sensitive_neural", "safety_ceiling": "<10 single pulses/s; Rossi 2021 safety guidelines" } }, "sources": [ "DOI:10.1016/j.pnpbp.2024.111167" ], "tara_alias": "TARA-COG-M-020" }, { "id": "QIF-T0152", "attack": "AChE inhibition BCI signal corruption (organophosphate exposure)", "tactic": "QIF-P.DS", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "status": "DEMONSTRATED", "severity": "critical", "ui_category": "DS", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MOT", "AUT", "SOM" ], "tara_mode": "D", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "Organophosphate nerve agents (sarin, VX, novichok) irreversibly phosphorylate AChE -> ACh accumulates -> cholinergic crisis. BCI impact: massive EEG distortion, seizure activity, NMJ fasciculation artifacts. Tokyo subway survivors showed EEG abnormalities 5 years post-exposure (Yanagisawa 2006). DEFENSIVE FRAMING: threat is BCI signal integrity during chemical exposure. Countermeasures: atropine (mAChR antagonist), pralidoxime (AChE reactivator <30min). 
BCI as diagnostic sensor for exposure detection.", "dual_use": "silicon_only", "clinical": { "therapeutic_analog": "BCI-guided cholinergic crisis detection and countermeasure", "conditions": [ "organophosphate poisoning", "nerve agent exposure" ], "fda_status": "none", "evidence_level": "preclinical" }, "governance": { "consent_tier": "IRB", "data_classification": "PHI", "safety_ceiling": "DEFENSIVE: threat modeling and countermeasure detection only" } }, "sources": [ "O'Donnell 2011 DOI:10.1007/s00204-011-0724-z PMID:21695469", "Yanagisawa 2006 DOI:10.1016/j.jns.2006.06.007 PMID:16962140" ], "tara_alias": "TARA-COG-D-008" }, { "id": "QIF-T0153", "attack": "Cholinergic medication status inference from BCI EEG spectral biomarkers", "tactic": "QIF-D.HV", "bands": "N1-N2", "band_ids": [ "N1", "N2" ], "status": "THEORETICAL", "severity": "medium", "ui_category": "SE", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MEM", "IDN" ], "tara_mode": "R", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "EEG spectral signatures track cholinergic tone. 14-biomarker mAChR index achieves 88-92% accuracy detecting mAChR antagonist administration (Simpraga 2017). AChEI drugs produce drug-specific alpha/theta/beta patterns (Arjmandi-Rad 2024, 24-study review). Passive BCI data inference attack: infer medication status (donepezil = Alzheimer's diagnosis proxy), disease progression, acute cholinergic changes. 
No stimulation required.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "EEG pharmacodynamic biomarker monitoring", "conditions": [ "Alzheimer's disease", "cholinergic monitoring" ], "fda_status": "none", "evidence_level": "clinical_pilot" }, "governance": { "consent_tier": "IRB", "data_classification": "PHI", "safety_ceiling": "Data-only attack; countermeasure: differential privacy on EEG spectral features" } }, "sources": [ "Simpraga 2017 DOI:10.1038/s41598-017-06165-4 PMID:28720796", "Arjmandi-Rad 2024 PMID:37843690" ], "tara_alias": "TARA-COG-R-013" }, { "id": "QIF-T0154", "attack": "VNS disynaptic serotonin upregulation (NTS->LC->DRN pathway)", "tactic": "QIF-N.MD", "bands": "N1-N4", "band_ids": [ "N1", "N2", "N3", "N4" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "COG" ], "tara_mode": "M", "physics_feasibility": { "tier": 1, "tier_label": "near_term" }, "tara": { "mechanism": "VNS activates vagal afferents -> NTS -> locus coeruleus (NE, obligate intermediary) -> dorsal raphe nucleus (DRN, 5-HT). LC lesioning completely blocks 5-HT response (Dorr & Debonnel 2006). 14-day latency for serotonin effect (acute NE only). 
Disynaptic peripheral-to-brainstem cascade distinct from T0009 (EM cortical) and T0136 (photon CCO).", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "VNS for treatment-resistant depression", "conditions": [ "treatment-resistant depression" ], "fda_status": "approved", "evidence_level": "preclinical_strong" }, "governance": { "consent_tier": "IRB", "data_classification": "PHI", "safety_ceiling": "20Hz, 500us, 0.25mA; 30s ON/5min OFF" } }, "sources": [ "Dorr & Debonnel 2006 PMID:16690723 PMC2702444" ], "tara_alias": "TARA-EMO-M-010" }, { "id": "QIF-T0155", "attack": "Transcranial focused ultrasound DRN serotonin release (Piezo1/TRPA1 mechanotransduction)", "tactic": "QIF-N.MD", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "status": "EMERGING", "severity": "high", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "COG" ], "tara_mode": "M", "physics_feasibility": { "tier": 2, "tier_label": "mid_term" }, "tara": { "mechanism": "Low-intensity focused ultrasound (1.1MHz, 50% duty cycle, 30min/day x14 days) targets dorsal raphe nucleus with mm spatial precision. Acoustic pressure activates Piezo1 mechanosensitive channels (PNAS 2023) -> Ca2+ influx -> 5-HT release. LC-MS confirmed serotonin increase in DRN (Zeng 2022, PMID:35998565). No RF signature, no surface contact. 
High severity: precise deep targeting without EM emission.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "tFUS for treatment-resistant depression via DRN", "conditions": [ "treatment-resistant depression", "OCD" ], "fda_status": "investigational", "evidence_level": "preclinical" }, "governance": { "consent_tier": "enhanced", "data_classification": "sensitive_neural", "safety_ceiling": "Sub-thermal; MI <1.9 (FDA diagnostic)" } }, "sources": [ "Zhu 2023 PMID:35998565", "Duque 2023 DOI:10.1073/pnas.2300291120 PMC10161134" ], "tara_alias": "TARA-EMO-M-011" }, { "id": "QIF-T0156", "attack": "High-frequency electroacupuncture dorsal raphe serotonin drive (100Hz peripheral afferent)", "tactic": "QIF-N.MD", "bands": "I0-N5", "band_ids": [ "I0", "N1", "N2", "N3", "N4", "N5" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "COG", "SOM" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "100Hz electroacupuncture (ST36/SP6, 1-2mA, 0.2ms pulse, 45min) selectively activates serotonergic DRN neurons. pCPA (5-HT synthesis blocker) abolishes effect, confirming serotonin necessity (Lin 2017). Frequency-selective: 100Hz=5-HT (DRN), 2Hz=opioid (enkephalin). Second mechanism: 2Hz at GV20/GV29 downregulates miRNA-16 -> reduces SERT -> increases synaptic 5-HT (Zhao 2019). 
Peripheral needle -> spinal -> brainstem pathway.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "Electroacupuncture for depression, chronic pain", "conditions": [ "depression", "chronic pain", "pain-depression comorbidity" ], "fda_status": "none", "evidence_level": "clinical_pilot" }, "governance": { "consent_tier": "standard", "data_classification": "non_sensitive", "safety_ceiling": "Regulatory gap: EA needles not FDA pre-market approved for every use" } }, "sources": [ "Wu 2017 PMID:28672900 PMC5488474", "Zhao 2019 PMID:31929820 PMC6942800" ], "tara_alias": "TARA-EMO-M-012" }, { "id": "QIF-T0157", "attack": "Acute tryptophan depletion — serotonin precursor starvation via LAT1 competition", "tactic": "QIF-C.EX", "bands": "N4-N7", "band_ids": [ "N4", "N5", "N6", "N7" ], "status": "CONFIRMED", "severity": "medium", "ui_category": "EX", "classical": "Yes", "quantum": "No", "tara_domain_primary": "EMO", "tara_domain_secondary": [ "COG" ], "tara_mode": "M", "physics_feasibility": { "tier": 0, "tier_label": "feasible_now" }, "tara": { "mechanism": "65g large neutral amino acid mixture (excluding tryptophan) floods LAT1 BBB transporter -> tryptophan uptake reduced 80-90% within 5-6hrs -> TPH2 substrate starvation -> central 5-HT synthesis crashes. Effects: impaired reward learning, reduced happy face recognition. Resolves in 24hrs. EPISTEMIC FLAG: direct evidence that ATD reduces extracellular 5-HT is inconsistent (Bell 2001, PMID:21339754). First purely metabolic/dietary TARA technique — no device required. 
Tryptophan competes with tyrosine at LAT1: asymmetric damage to 5-HT vs DA.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "ATD challenge paradigm for depression vulnerability research", "conditions": [ "depression vulnerability testing" ], "fda_status": "none", "evidence_level": "clinical_validated" }, "governance": { "consent_tier": "IRB", "data_classification": "non_sensitive", "safety_ceiling": "Reversible within 24hrs; requires food supply access" } }, "sources": [ "Young 2013 PMC3756112", "van Donkelaar 2011 PMID:21339754" ], "tara_alias": "TARA-EMO-M-013" }, { "id": "QIF-T0158", "attack": "Silent excitatory/inhibitory ratio manipulation (sub-threshold seizure priming)", "tactic": "QIF-P.DS", "bands": "I0-N2", "band_ids": [ "I0", "N1", "N2" ], "status": "THEORETICAL", "severity": "high", "ui_category": "DS", "classical": "Yes", "quantum": "No", "tara_domain_primary": "AUT", "tara_domain_secondary": [ "COG", "MOT" ], "tara_mode": "M", "physics_feasibility": { "tier": 3, "tier_label": "far_term" }, "tara": { "mechanism": "Sub-threshold anodal tDCS (1-2mA, repeated sessions over weeks) drives polarity-dependent shift: GABA down 10-30%, Glu up (dose-dependent). Net: progressive seizure threshold reduction without acute clinical presentation. Attack completed by separate trigger event. Distinct from T0122 (kindling: implanted electrodes, amygdala) and T0026/T0029 (acute suprathreshold). 
Operates sub-threshold, non-invasive, preparatory not direct.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "tDCS research (same parameters, different intent)", "conditions": [ "research tool" ], "fda_status": "investigational", "evidence_level": "theoretical" }, "governance": { "consent_tier": "enhanced", "data_classification": "sensitive_neural", "safety_ceiling": "1-2mA repeated; biomarker: Glu/GABA ratio shift measurable by 7T MRS" } }, "sources": [ "Heimrath 2020 DOI:10.1038/s41598-020-77111-0", "Nitsche 2003 PMC2343495" ], "tara_alias": "TARA-AUT-M-003" }, { "id": "QIF-T0159", "attack": "LIFU astrocytic gliotransmission (acoustic TRPA1->extrasynaptic NMDA)", "tactic": "QIF-N.MD", "bands": "I0-N2", "band_ids": [ "I0", "N1", "N2" ], "status": "EMERGING", "severity": "high", "ui_category": "DM", "classical": "Yes", "quantum": "No", "tara_domain_primary": "COG", "tara_domain_secondary": [ "MEM" ], "tara_mode": "M", "physics_feasibility": { "tier": 2, "tier_label": "mid_term" }, "tara": { "mechanism": "Pulsed LIFU (0.5MHz, <10% duty cycle) activates astrocytic TRPA1 mechanosensitive channels -> Ca2+ influx -> Best1-mediated glutamate release (gliotransmission) -> extrasynaptic NR2B-enriched NMDA receptors -> neuronal depolarization. Distinct: (1) acoustic not EM, (2) astrocyte-first not neuron-first, (3) gliotransmission not synaptic vesicle, (4) extrasynaptic NMDA pool pharmacologically distinct from synaptic. 
Confirmed: Gu & Han 2019, Current Biology.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "tFUS for depression, OCD, essential tremor", "conditions": [ "depression", "OCD", "essential tremor" ], "fda_status": "investigational", "evidence_level": "preclinical" }, "governance": { "consent_tier": "enhanced", "data_classification": "sensitive_neural", "safety_ceiling": "ISPTA <720 mW/cm2; penetration up to 7cm transcranially" } }, "sources": [ "Gu & Han 2019 Current Biology DOI:10.1016/j.cub.2019.08.021 PMID:31588000", "Deffieux 2023 Neuron DOI:10.1016/j.neuron.2023.02.002" ], "tara_alias": "TARA-COG-M-021" }, { "id": "QIF-T0160", "attack": "FUS-BBB breach as excitotoxic glutamate priming vector", "tactic": "QIF-P.DS", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "status": "THEORETICAL", "severity": "critical", "ui_category": "DS", "classical": "Yes", "quantum": "No", "tara_domain_primary": "AUT", "tara_domain_secondary": [ "COG", "SOM" ], "tara_mode": "D", "physics_feasibility": { "tier": 3, "tier_label": "far_term" }, "tara": { "mechanism": "High-intensity FUS + IV microbubbles -> acoustic cavitation -> BBB tight junction breach (24-48hr opening) -> perivascular ionic disequilibrium -> EAAT2 transport impaired -> extracellular glutamate elevated -> NMDA overactivation -> excitotoxic Ca2+ overload -> perilesional neuron death. EPISTEMIC FLAG: direct FUS-BBB->glutamate surge link is INFERRED from ischemia literature, not directly demonstrated in FUS-BBB studies. 
Attack surface: adversarial modification of therapeutic FUS parameters in clinical setting.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "FUS-BBB opening for Alzheimer's drug delivery, glioblastoma", "conditions": [ "Alzheimer's disease", "glioblastoma" ], "fda_status": "investigational", "evidence_level": "theoretical" }, "governance": { "consent_tier": "IRB", "data_classification": "PHI", "safety_ceiling": "Requires medical FUS system + IV access; clinical workflow is the attack surface" } }, "sources": [ "Lipsman 2018 Nature Communications (FUS-BBB Alzheimer's)", "Timbie 2024 Neurotherapeutics DOI:10.1016/j.neurot.2024.e00038" ], "tara_alias": "TARA-AUT-D-003" }, { "id": "QIF-T0161", "attack": "Cortical spreading depression initiation (autonomous glutamate wave)", "tactic": "QIF-P.DS", "bands": "I0-N3", "band_ids": [ "I0", "N1", "N2", "N3" ], "status": "EMERGING", "severity": "critical", "ui_category": "DS", "classical": "Yes", "quantum": "No", "tara_domain_primary": "AUT", "tara_domain_secondary": [ "COG", "SOM", "VIS" ], "tara_mode": "D", "physics_feasibility": { "tier": 2, "tier_label": "mid_term" }, "tara": { "mechanism": "Brief suprathreshold focal stimulation raises local [K+]ext past CSD ignition threshold (~12mM). CaV-dependent NMDA activation required for ignition. Once ignited: SELF-PROPAGATING K+/glutamate positive feedback wave at 2-5mm/min across cortex. Attacker delivers brief burst and withdraws; CSD continues autonomously 1-5min. Aftermath: 5-15min cortical silence (spreading depression). ECT reliably generates postictal CSD in mice AND humans (Rosenthal 2025, Nature Communications). 
Distinct from T0026/T0029: self-propagating after trigger withdrawal.", "dual_use": "confirmed", "clinical": { "therapeutic_analog": "CSD as migraine intervention target; ECT therapeutic mechanism", "conditions": [ "migraine", "ECT mechanism research" ], "fda_status": "none", "evidence_level": "preclinical_strong" }, "governance": { "consent_tier": "IRB", "data_classification": "PHI", "safety_ceiling": "Susceptibility elevated in migraine patients, TBI, cortical hyperexcitability" } }, "sources": [ "Rosenthal 2025 Nature Communications DOI:10.1038/s41467-025-59900-1", "Vitale 2023 PMC10408042" ], "tara_alias": "TARA-AUT-D-004" } ], "deprecated": [ { "file": "shared/threat-matrix.json", "reason": "Legacy ONI-era threat matrix (24 techniques, ONI-T### IDs). Superseded by this atlas.", "migration": "All ONI-T### techniques merged into QIF-T#### range. See legacy_ids field on each technique." }, { "schema": "v2.0 (MITRE-compatible IDs)", "reason": "QIF-T2xxx IDs replaced with QIF-T0xxx sequential IDs in v3.0. MITRE tactic IDs (TA####) replaced with QIF Locus Taxonomy IDs.", "migration": "See legacy_technique_id field on each technique. Tactic legacy_ids on each tactic definition." } ], "taxonomy": "QIF Locus Taxonomy v1.0", "scoring": "NISS v1.1 (Neural Impact Scoring System)", "generated": "2026-02-09T04:30:00Z", "legacy_mitre_compatibility": { "id_range": "T2001-T2899 (avoids collision with MITRE ATT&CK T1001-T1659)", "tactic_ids": "Standard MITRE TA#### where applicable, TA0050-TA0053 for BCI-specific", "note": "DEPRECATED: QIF now uses the Locus Taxonomy with original identifiers. Legacy MITRE cross-references preserved in technique cross_references field." }, "domains": [ { "code": "N", "name": "Neural", "description": "Direct interface with neural tissue — signal manipulation, electrode boundary, ion channels." }, { "code": "C", "name": "Cognitive", "description": "Higher-order psychological processes — memory, attention, identity, agency." 
}, { "code": "P", "name": "Physiological", "description": "Somatic systems — motor control, autonomic functions, physical harm." }, { "code": "D", "name": "Data", "description": "Information acquisition and manipulation — brainwave recordings, neural metadata." }, { "code": "B", "name": "BCI System", "description": "Hardware/software of the BCI device — firmware, protocols, authentication." }, { "code": "M", "name": "Model", "description": "Machine learning models used in BCI — decoders, classifiers, feedback systems." }, { "code": "E", "name": "Energy", "description": "Directed energy attacks — ELF, microwave, RF, temporal interference." } ], "niss_spec": { "version": "1.1", "metrics": { "BI": { "name": "Biological Impact", "values": { "N": 0.0, "L": 3.3, "H": 6.7, "C": 10.0 }, "description": "Severity of tissue damage from neural interface attacks" }, "CR": { "name": "Cognitive Reconnaissance", "values": { "N": 0.0, "L": 3.3, "H": 6.7, "C": 10.0 }, "description": "Degree of unauthorized cognitive read access: thought decoding, neural data inference, intent extraction" }, "CD": { "name": "Cognitive/Functional Disruption", "values": { "N": 0.0, "L": 3.3, "H": 6.7, "C": 10.0 }, "description": "Degree of unauthorized disruption to cognitive processing, sensory perception, motor output, or autonomic regulation" }, "CV": { "name": "Consent Violation", "values": { "N": 0.0, "P": 3.3, "E": 6.7, "I": 10.0 }, "description": "Whether the attack violates neural data consent" }, "RV": { "name": "Reversibility", "values": { "F": 0.0, "T": 3.3, "P": 6.7, "I": 10.0 }, "description": "Whether neural or biological damage can be reversed" }, "NP": { "name": "Neuroplasticity", "values": { "N": 0.0, "T": 3.3, "P": 6.7, "S": 10.0 }, "description": "Whether the attack causes lasting neural pathway changes" } }, "formula": "NISS = sum(w_i * M_i) / sum(w_i), default weights: BI=1.0, CR=0.5, CD=0.5, CV=1.0, RV=1.0, NP=1.0", "weights": { "default": { "BI": 1.0, "CR": 0.5, "CD": 0.5, "CV": 
1.0, "RV": 1.0, "NP": 1.0 } }, "context_profiles": { "clinical": { "BI": 2.0, "CR": 1.0, "CD": 2.0, "CV": 1.0, "RV": 2.0, "NP": 1.0 }, "research": { "BI": 1.0, "CR": 2.0, "CD": 1.5, "CV": 2.0, "RV": 1.0, "NP": 1.5 }, "consumer": { "BI": 1.0, "CR": 2.0, "CD": 1.0, "CV": 2.0, "RV": 1.0, "NP": 1.0 }, "military": { "BI": 2.0, "CR": 2.0, "CD": 2.0, "CV": 0.5, "RV": 1.5, "NP": 1.5 } }, "pins": { "description": "Potential Impact to Neural Safety", "trigger": "BI >= H OR RV == I", "type": "boolean" }, "severity_scale": { "none": "0.0", "low": "0.1-3.9", "medium": "4.0-6.9", "high": "7.0-8.9", "critical": "9.0-10.0" }, "rounding": "ceil(score * 10) / 10", "vector_format": "NISS:1.1/BI:/CR:/CD:/CV:/RV:/NP:" }, "tara_spec": { "version": "1.0", "name": "TARA — Therapeutic Applications & Risk Assessment", "description": "Mechanism-first Rosetta Stone. Same physical phenomenon, four stakeholder views. Security researchers see attack vectors. Clinicians see therapeutic modalities. Regulators see compliance requirements. 
Engineers see physical parameters.", "dual_use_classifications": { "confirmed": "Published therapeutic and security applications exist for this mechanism", "probable": "Strong theoretical basis for dual-use; therapeutic research underway", "possible": "Mechanism could have therapeutic applications but no published evidence", "silicon_only": "Pure digital/firmware/infrastructure attack with no neural therapeutic analog" }, "consent_tiers": { "standard": "Standard informed consent (data collection, non-invasive monitoring)", "enhanced": "BCI-specific consent (stimulation, neural recording, neural data processing)", "IRB": "Institutional Review Board approval required (research, novel therapeutic applications)", "prohibited": "Application prohibited outside controlled research (unacceptable risk)" }, "fda_statuses": { "cleared": "FDA 510(k) clearance for predicate device equivalence", "approved": "FDA PMA (Premarket Approval) for Class III devices", "breakthrough": "FDA Breakthrough Device designation (expedited review)", "investigational": "Under IDE (Investigational Device Exemption)", "none": "No FDA regulatory pathway established", "N/A": "Not applicable (silicon-only or non-device mechanism)" }, "evidence_levels": { "meta_analysis": "Systematic reviews and meta-analyses (highest)", "RCT": "Randomized controlled trials", "cohort": "Observational cohort studies", "case_series": "Case series and reports", "preclinical": "Animal or in-vitro studies", "theoretical": "No empirical evidence yet", "N/A": "Not applicable" }, "data_classifications": { "PHI": "Protected Health Information (HIPAA/HITECH)", "sensitive_neural": "Neural data with enhanced protections (proposed neurorights)", "PII": "Personally identifiable information (GDPR Art. 
9 special category)", "restricted": "Restricted access (need-to-know basis)", "internal": "Internal operational data", "public": "Publicly available information" } }, "schema_extensions": { "feeds_into": { "added": "2026-02-11", "description": "Links S-domain (Consumer Sensor Exploitation) techniques to core TARA techniques and tactics they enable in the BCI attack chain", "format": { "targets": "Array of TARA technique IDs (QIF-Txxxx) and/or tactic IDs (QIF-X.YY)", "note": "Human-readable explanation of the relationship" } } }, "dsm5_spec": { "version": "1.0", "name": "DSM-5-TR Diagnostic Mapping via Neural Impact Chain", "description": "Maps BCI techniques to psychiatric diagnoses through the hourglass band model. NISS metrics predict diagnostic clusters. First known formal BCI threat-to-psychiatric-diagnosis taxonomy.", "methodology": "Band → Structure → Function → NISS (quantitative) + DSM (qualitative)", "positioning": "RDoC-aligned, BCI-specific, with quantitative bridge (NISS) to traditional nosology (DSM-5-TR)", "band_profiles": { "N7": { "structures": [ "PFC", "M1", "V1", "Broca", "Wernicke" ], "functions": [ "executive function", "language", "movement", "perception" ], "primary_codes": [ "F20", "F32", "F90", "F42" ], "secondary_codes": [ "F30", "F43", "F80", "F60", "F63", "F01", "F98.4" ] }, "N6": { "structures": [ "hippocampus", "amygdala", "insula" ], "functions": [ "emotion regulation", "memory consolidation", "interoception" ], "primary_codes": [ "F32", "F41.1", "F43.10", "F44" ], "secondary_codes": [ "F30", "F42", "F50", "F10", "F60", "F45", "F63", "F01" ] }, "N5": { "structures": [ "striatum", "STN", "substantia nigra" ], "functions": [ "motor selection", "reward processing", "habit formation" ], "primary_codes": [ "F90", "F10", "F42", "F95" ], "secondary_codes": [ "F20", "F50", "G25.89" ] }, "N4": { "structures": [ "thalamus", "hypothalamus" ], "functions": [ "sensory gating", "consciousness", "homeostasis" ], "primary_codes": [ "F20", "G47", "F44" 
], "secondary_codes": [ "F32", "F50", "F52" ] }, "N3": { "structures": [ "cerebellar cortex", "deep cerebellar nuclei" ], "functions": [ "motor coordination", "timing", "cognitive integration" ], "primary_codes": [ "F82", "F84" ], "secondary_codes": [ "F20", "F90", "F30", "F32", "F41.1", "F01" ] }, "N2": { "structures": [ "medulla", "pons", "midbrain" ], "functions": [ "vital functions", "arousal", "neurotransmitter production" ], "primary_codes": [ "G47" ], "secondary_codes": [ "F32", "F41.0", "F10", "F01" ] }, "N1": { "structures": [ "spinal cord" ], "functions": [ "reflexes", "peripheral relay", "pain processing" ], "primary_codes": [ "F45", "F44.4" ], "secondary_codes": [ "F82" ] }, "I0": { "structures": [ "electrode-tissue boundary" ], "functions": [ "measurement", "signal transduction" ], "primary_codes": [ "F43.2" ], "secondary_codes": [] }, "S1": { "structures": [ "ASIC/analog front-end" ], "functions": [ "hardware processing" ], "primary_codes": [], "secondary_codes": [] }, "S2": { "structures": [ "firmware/DSP" ], "functions": [ "signal processing" ], "primary_codes": [], "secondary_codes": [] }, "S3": { "structures": [ "network/cloud" ], "functions": [ "data pipeline" ], "primary_codes": [], "secondary_codes": [] } }, "niss_dsm_bridge": { "BI": { "risk_domain": "Structural/Tissue damage", "primary_clusters": [ "motor_neurocognitive" ], "dsm_chapters": [ "Motor (F82/F95)", "Neurocognitive (F01-G31)" ] }, "CR": { "risk_domain": "Cognitive read access (thought decoding, neural data inference)", "primary_clusters": [ "cognitive_psychotic" ], "dsm_chapters": [ "Neurodevelopmental (F70-F98)", "Schizophrenia Spectrum (F20-F29)" ] }, "CD": { "risk_domain": "Cognitive write access (perception manipulation, identity modification)", "primary_clusters": [ "cognitive_psychotic" ], "dsm_chapters": [ "Neurodevelopmental (F70-F98)", "Schizophrenia Spectrum (F20-F29)" ] }, "CV": { "risk_domain": "Consent/autonomy violation", "primary_clusters": [ "mood_trauma" ], 
"dsm_chapters": [ "Depressive (F32-F34)", "Anxiety (F40-F41)", "Trauma/PTSD (F43)", "Dissociative (F44)" ] }, "RV": { "risk_domain": "Chronicity modifier", "primary_clusters": [ "persistent_personality" ], "dsm_chapters": [ "Distinguishes acute (F43.2) vs persistent (F34.1) presentations" ] }, "NP": { "risk_domain": "Lasting neural change", "primary_clusters": [ "persistent_personality" ], "dsm_chapters": [ "Personality (F60-F69)", "Neurodegenerative (G30-G31)" ] } }, "diagnostic_clusters": { "cognitive_psychotic": { "label": "Cognitive/Psychotic", "color": "#f59e0b", "niss_drivers": [ "CR", "CD", "BI" ], "dsm_chapters": [ "Schizophrenia Spectrum (F20-F29)", "Neurodevelopmental (F70-F98)", "Neurocognitive (F01-G31)" ] }, "mood_trauma": { "label": "Mood/Trauma", "color": "#eab308", "niss_drivers": [ "CV", "CR", "CD" ], "dsm_chapters": [ "Depressive (F32-F34)", "Anxiety (F40-F41)", "Trauma/PTSD (F43)", "Dissociative (F44)", "OCD (F42)" ] }, "motor_neurocognitive": { "label": "Motor/Neurocognitive", "color": "#ef4444", "niss_drivers": [ "BI", "NP" ], "dsm_chapters": [ "Motor (F82/F95)", "Neurocognitive (F01-G31)", "Somatic Symptom (F45)" ] }, "persistent_personality": { "label": "Persistent/Personality", "color": "#a855f7", "niss_drivers": [ "NP", "RV" ], "dsm_chapters": [ "Personality (F60-F69)", "Neurodegenerative (G30-G31)" ] }, "non_diagnostic": { "label": "Non-Diagnostic", "color": "#94a3b8", "niss_drivers": [], "dsm_chapters": [] } } } }