In a study of 28 subjects wearing brain-machine interface devices built by companies like Neurosky and Emotiv and marketed to consumers for gaming and attention exercises, the researchers found they were able to extract hints directly from the electrical signals of the test subjects’ brains that partially revealed private information like the location of their homes, faces they recognized and even their credit card PINs.
Brain-computer interface or BCIs are generally used in a medical setting with very expensive equipment, but in the last few years cheaper, commercial offerings have emerged. For $200-300, you can buy an Emotive or Neurosky BCI, go through a short training process, and begin mind controlling your computer.
“These devices have access to your raw EEG [electroencephalography, or electrical brain signal] data, and that contains certain neurological phenomena triggered by subconscious activities,” says Ivan Martinovic, a member of the faculty in the department of computer science at Oxford.
“So the central question we were asking with this is work was, is this is a privacy threat?” To extract this information, the researchers rely on what’s known as the P300 response a very specific brainwave pattern that occurs when you recognize something that is meaningful, or when you recognize something that fits your current task.
The researchers basically designed a program that flashes up pictures of maps, banks, and card PINs, and makes a note every time your brain experiences a P300.
The researchers found they could guess which of those random numbers was the first digit in the PIN with about 30% accuracy on the first try–far from a home run, but a significantly higher success rate than a random guess.
This brain hack can only improve in efficacy as BCIs become cheaper, more accurate, and thus more extensively used. “But social engineering could make that possible. Attackers are creative.” What do you thing about a Brain Malware ?