QIF-T0097

critical

Cross-device physiological correlation (phone + watch + earbuds comprehensive health profiling)

Tier 5 — Theoretical (Modeled / Simulated)

Legacy status: THEORETICAL

The average consumer now carries 3+ sensor-equipped devices: smartphone (accelerometer, gyroscope, magnetometer, barometer, camera, microphone, ambient light, proximity, WiFi, BLE), smartwatch (PPG, accelerometer, gyroscope, SpO2, skin temperature, ECG), and earbuds (microphone, accelerometer, proximity, potentially EEG). By correlating physiological data across all devices simultaneously, an attacker builds a comprehensive health profile far exceeding what any single device captures: cardiac health (watch PPG + phone rPPG), respiratory health (phone ultrasonic + WiFi CSI), neurological health (earbud IMU tremor + phone motor patterns), mental health (watch HRV + earbud audio context + phone screen activity), and metabolic health (activity + sleep + heart rate patterns). The correlation also eliminates single-sensor noise and improves accuracy. This technique doesn't require hardware modification — only software-level data aggregation across apps on a shared platform (e.g., iOS HealthKit, Google Health Connect).

Technique Details

Tactic: QIF-S.CH
Status: THEORETICAL
Bands: S1, S2, S3, N7

✚ Therapeutic Application

Cross-device physiological data correlation across phone + watch + earbuds to build comprehensive health profile exceeding single-device capability

Clinical Analog

Multi-device remote patient monitoring for chronic disease management

Treats

heart failure decompensation prediction (multi-sensor)
diabetes management (activity + sleep + heart rate correlation)
mental health monitoring (multi-modal behavioral markers)
clinical trial endpoint monitoring

Neural Impact

4 of 7 neural bands affected

S1 S2 S3 N7

Drag to rotate. Click a region to learn more.

Click or hover over a glowing region to see the attack techniques targeting it and their severity.

DSM-5-TR Diagnostic Mappings

Diagnostic category references for threat modeling, not diagnostic claims.

F20 Schizophrenia Spectrum F32 Major Depressive Disorder F90 ADHD F42 OCD F30 Manic episode F43 PTSD / Trauma F80 Communication Disorders F60 Personality Disorders F63 Impulse-Control Disorders F01 Vascular dementia F98.4 Stereotyped movement disorders

Pathway: N7 (PFC/M1) → executive function

Following Poldrack (2006), brain region disruption does not uniquely predict psychiatric outcomes.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N

CVSS v4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

2.7Low

Governance

Neurorights at Risk

This technique threatens 5 of the 4 proposed neurorights (Ienca & Andorno, 2017).

MP Mental Privacy CL Cognitive Liberty MI Mental Integrity DI DI IDA IDA

Consent Complexity

2.25 / 4.0

FDORA §3305 Compliance

Cyber Device

Regulatory Coverage

0.2 / 1.0

524B Requirements

TM VA SA PM

Regulatory Gaps

! CVSS cannot express neural-specific impacts
! No FDA pathway for consumer sensor exploitation
! Threat not yet in regulatory threat catalogs

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population	NISS Base	Adjusted	Severity	Delta
Adult (Default)	2.7	2.7	Low	-
Child (10yr) + ADHD	2.7	3.2	Low	+0.48
Adult with ALS	2.7	3.1	Low	+0.44

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas Edit this on GitHub