QIF-T0064

medium

User consent fatigue (neural permission flooding)

Tier 4 — Demonstrated (Case Study / Observational)

Legacy status: EMERGING

Flood the user with BCI-mediated permission requests until cognitive fatigue leads to reflexive approval of malicious requests. This exploits the neural-intent interface, where 'yes/no' decisions may be captured from brain signals. BCI app ecosystems with frequent permission prompts are the attack surface.

Technique Details

Tactic: QIF-B.EV
Status: EMERGING
Bands: S2, S3, N7

Therapeutic Application

Flooding a BCI user with permission requests until cognitive fatigue leads to reflexive approval

Clinical Analog

UX design for cognitive accessibility in medical BCIs

Treats

  • BCI usability for cognitively impaired users
  • consent interface design

Neural Impact

3 of 7 neural bands affected

S2 S3 N7


DSM-5-TR Diagnostic Mappings

Diagnostic category references for threat modeling, not diagnostic claims.

  • F20 Schizophrenia Spectrum
  • F32 Major Depressive Disorder
  • F90 ADHD
  • F42 OCD
  • F30 Manic episode
  • F43 PTSD / Trauma
  • F80 Communication Disorders
  • F60 Personality Disorders
  • F63 Impulse-Control Disorders
  • F01 Vascular dementia
  • F98.4 Stereotyped movement disorders

Pathway: N7 (PFC/M1) → executive function

Following Poldrack (2006), brain region disruption does not uniquely predict psychiatric outcomes.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:P/NP:T
CVSS v4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
4.7 Medium

Governance

Neurorights at Risk

This technique threatens 5 of the 4 proposed neurorights (Ienca & Andorno, 2017).

Consent Complexity: 0.80 / 4.0

FDORA §3305 Compliance

Non-Cyber Device (missing: software)
Regulatory Coverage: 0.3 / 1.0
524B Requirements: TM VA SA PM
Regulatory Gaps
  • CVSS cannot express neural-specific impacts
  • No FDA pathway for consumer sensor exploitation

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

| Population | NISS Base | Adjusted | Severity | Delta |
|---|---|---|---|---|
| Adult (Default) | 4.7 | 4.7 | Medium | - |
| Child (10yr) + ADHD | 4.7 | 5.5 | Medium | +0.83 |
| Adult with ALS | 4.7 | 5.5 | Medium | +0.76 |

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas