QIF-T0051
highNeural data privacy breach
Tier 2 — Validated (Independently Replicated)
Legacy status: CONFIRMED
Unauthorized access to recorded neural data across any band. Harvest raw EEG from consumer devices, decode intent/emotion. GDPR Article 9 (special category data). NSP end-to-end encryption from I0 to cloud.
Technique Details
- Tactic
- QIF-D.HV
- Status
- CONFIRMED
- Bands
- N1, S1, S2, S3
✚ Therapeutic Application
Unauthorized access to or exfiltration of recorded neural data
Clinical Analog
Clinical neural data management for treatment optimization
Treats
- treatment response tracking
- longitudinal disease monitoring
- clinical research
Neural Impact
4 of 7 neural bands affected
Drag to rotate. Click a region to learn more.
Click or hover over a glowing region to see the attack techniques targeting it and their severity.
DSM-5-TR Diagnostic Mappings
Diagnostic category references for threat modeling, not diagnostic claims.
Pathway: N1 (spinal cord) → reflexes
Following Poldrack (2006), brain region disruption does not uniquely predict psychiatric outcomes.
Scoring
NISS:1.1/BI:N/CR:L/CD:L/CV:E/RV:F/NP:N CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N Governance
Neurorights at Risk
This technique threatens 2 of the 4 proposed neurorights (Ienca & Andorno, 2017).
FDORA §3305 Compliance
- ! CVSS cannot express neural-specific impacts
- ! No FDA pathway for consumer sensor exploitation
Population Vulnerability
CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.
| Population | NISS Base | Adjusted | Severity | Delta |
|---|---|---|---|---|
| Adult (Default) | 2.0 | 2.0 | Low | - |
| Child (10yr) + ADHD | 2.0 | 2.4 | Low | +0.35 |
| Adult with ALS | 2.0 | 2.3 | Low | +0.32 |
Validation Status
Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.