Brain-Computer Interface Integration With Extended Reality (XR): Future, Privacy And Security Outlook




brain-computer interface, extended reality, privacy, big tech, cybersecurity, metaverse


The Brain-Computer Interface (BCI) is a rapidly evolving technology set to revolutionize our perception of the Internet of Things (IoT). BCI facilitates direct communication between the brain and external devices, enabling the control or interaction of devices without physical intervention. BCI technology is becoming more sophisticated, allowing third-party software embedded in emerging technologies such as Virtual Reality (VR), Augmented Reality (AR), and Mixed Reality (MR) to access sensors that read brain activity. These can be grouped under the umbrella term Extended Reality (XR). While BCI technology is disrupting the way data is collected, interpreted, and utilized within IoT networks, it is important to consider the potential privacy and security threats that it poses. Previous and not-so-recent cybersecurity research only scratched the surface in terms of security and privacy aspects of the then-emerging neural and brain-connecting technologies. However, recent advances in reconstructing language, music tracks, and imagery solely based on decoding neural signals pose a significant risk of mental privacy invasion and cybersecurity abuse. In this paper, we present an analysis of the potential threats posed by the integration of BCI with VR, AR, and MR. We analyze the involvement of major technological players in shaping BCI and XR advancements, examining the potential for these technologies to create detailed user profiles and reshape the monetization of user data in the ever-more-aggressive data-driven economy. We also outline a position view on the cybersecurity aspects that are not related to privacy and profiling per se, for example, cybersecurity attacks on the brain (e.g., ``brain rewriting'' attacks) facilitated by potentially vulnerable XR-BCI devices and software. The paper concludes by emphasizing the need for further research on the privacy and security implications of XR-BCI integration and inviting deeper exploration of the topic beyond theoretical papers and toward a more applied experimental setup.

Author Biographies

Tuomo Lahtinen, University of Jyväskylä, Finland

Tuomo Lahtinen holds an M.Sc. in Computer Science from the University of Jyväskylä (2022). He's now pursuing a Ph.D. in Software and Communication Technology, researching The Security and Privacy of Brain-Computer Interface Devices. Additionally, he's a cybersecurity and software engineer at, a cybersecurity spin-off from the University of Jyväskylä.

Andrei Costin, University of Jyväskylä, Finland

Dr. Andrei Costin received his PhD from EURECOM/TelecomParisTech and is currently a Senior Lecturer/Assistant Professor of Cybersecurity with the University of Jyväskylä (Central Finland), Jyväskylä, Finland, with a particular focus on system security, IoT/firmware cybersecurity, avionics/space/aerospace security, and some aspects of Digital Privacy.

Guillermo Suarez-Tangil, IMDEA Networks Institute, Madrid, Spain

Guillermo Suarez-Tangil is Assistant Professor IMDEA Networks and Ramon y Cajal Fellow. His trajectory is characterized by over 6 years of international research experience in world-leading research centers (University College London, King's College London, and Royal Holloway). It is also characterized by quality, including pre-doctoral achievements with prestigious awards (FUNCAS).