Skip to content

QIF-T0040

high

Neurophishing

Tier 4 — Demonstrated (Case Study / Observational)

Legacy status: EMERGING

Present carefully designed visual/auditory/haptic stimuli through BCI applications to elicit specific neural responses (P300, SSVEP, emotional) that reveal private information or prime the brain for subsequent attack. BCI app store is the attack surface.

Technique Details

Tactic
QIF-C.EX
Status
EMERGING
Bands
S3, N7

Therapeutic Application

Social engineering via BCI-mediated trust manipulation or subliminal stimuli

Clinical Analog

Subliminal priming research / implicit cognitive assessment

Treats

  • research tool: implicit bias assessment
  • cognitive behavioral therapy augmentation

Neural Impact

2 of 7 neural bands affected

S3 N7

Drag to rotate. Click a region to learn more.

Click or hover over a glowing region to see the attack techniques targeting it and their severity.

DSM-5-TR Diagnostic Mappings

Diagnostic category references for threat modeling, not diagnostic claims.

F20 Schizophrenia Spectrum F32 Major Depressive Disorder F90 ADHD F42 OCD F30 Manic episode F43 PTSD / Trauma F80 Communication Disorders F60 Personality Disorders F63 Impulse-Control Disorders F01 Vascular dementia F98.4 Stereotyped movement disorders

Pathway: N7 (PFC/M1) → executive function

Following Poldrack (2006), brain region disruption does not uniquely predict psychiatric outcomes.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:H/CD:H/CV:I/RV:P/NP:T
CVSS v4.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
5.4Medium
BICRCDCVRVNP
 

Governance

Neurorights at Risk

This technique threatens 5 of the 4 proposed neurorights (Ienca & Andorno, 2017).

MP Mental Privacy CL Cognitive Liberty MI Mental Integrity DI DI PC Psychological Continuity
Consent Complexity
0.96 / 4.0

FDORA §3305 Compliance

Non-Cyber Device (missing: software)
Regulatory Coverage
0.3 / 1.0
524B Requirements
TM VA PM
Regulatory Gaps
  • ! CVSS cannot express neural-specific impacts
  • ! No FDA pathway for consumer sensor exploitation

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population NISS Base Adjusted Severity Delta
Adult (Default) 5.4 5.4 Medium -
Child (10yr) + ADHD 5.4 6.4 Medium +0.95
Adult with ALS 5.4 6.3 Medium +0.87

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas Edit this on GitHub