QIF-T0038

high

Brainprint theft

Tier 4 — Demonstrated (Case Study / Observational)

Legacy status: EMERGING

Extract the user's unique brainprint (ERP template, spectral fingerprint) for later replay/spoofing. Unlike passwords, neural biometrics cannot be changed. Permanent compromise if extracted.

Technique Details

Tactic: QIF-C.EX
Status: EMERGING
Bands: N6, N7

✚ Therapeutic Application

Extraction and replication of unique neural identity signatures (brainprint) from BCI data

Clinical Analog

Brain fingerprinting / neural identity verification

Treats

patient identification in BCI systems
secure access to neural devices

Neural Impact

2 of 7 neural bands affected

N6 N7

Drag to rotate. Click a region to learn more.

Click or hover over a glowing region to see the attack techniques targeting it and their severity.

DSM-5-TR Diagnostic Mappings

Diagnostic category references for threat modeling, not diagnostic claims.

F32 Major Depressive Disorder F41.1 Generalized Anxiety Disorder F43.10 PTSD F44 Dissociative Disorders F20 Schizophrenia Spectrum F90 ADHD F42 OCD F30 Manic episode F50 Eating Disorders F10 Alcohol-related disorders (F10) F60 Personality Disorders F45 Somatoform disorders F63 Impulse-Control Disorders F01 Vascular dementia F43 PTSD / Trauma F80 Communication Disorders F98.4 Stereotyped movement disorders

Pathway: N7 (PFC/M1) → executive function; N6 (hippocampus/amygdala) → emotion regulation

Following Poldrack (2006), brain region disruption does not uniquely predict psychiatric outcomes.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:H/CD:H/CV:E/RV:I/NP:N

CVSS v4.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

4.7Medium

PINSPINS triggers when Biological Impact is High/Critical or Reversibility is Irreversible. Indicates potential lasting harm to neural safety.

Governance

Neurorights at Risk

This technique threatens 4 of the 4 proposed neurorights (Ienca & Andorno, 2017).

MP Mental Privacy CL Cognitive Liberty MI Mental Integrity PC Psychological Continuity

Consent Complexity

1.44 / 4.0

FDORA §3305 Compliance

Non-Cyber Device (missing: software)

Regulatory Coverage

0.3 / 1.0

524B Requirements

TM VA PM

Regulatory Gaps

! CVSS cannot express neural-specific impacts

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population	NISS Base	Adjusted	Severity	Delta
Adult (Default)	4.7	4.7	Medium	-
Child (10yr) + ADHD	4.7	5.5	Medium	+0.83
Adult with ALS	4.7	5.5	Medium	+0.76

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas Edit this on GitHub