Inexpensive brain-computer interfaces could be used maliciously to obtain private information, such as PINs stored in one's memory, according to researchers. Are you ready for brain spyware?
The Emotiv Epoc headset sells for US$299.
(Credit: Emotiv Systems)
Are the deepest secrets of your mind safe? Could thieves trick you into revealing your bank card PIN or computer passwords, just by thinking about them?
Theoretically, it could happen.
Ivan Martinovic of the University of Oxford, UK, and colleagues at the University of Geneva, Switzerland, and the University of California (Berkeley), California, describe research into that question in a paper entitled On the Feasibility of Side-Channel Attacks With Brain-Computer Interfaces, which was presented earlier this month at the 21st USENIX Security Symposium.
The research was inspired by the growing number of games and other mind-related apps that are available for low-cost consumer electroencephalography (EEG) devices, such as Emotiv's Epoc headset, which lets users interact with computers, using their thoughts alone.
Malicious developers could create a "brain spyware" app, designed to trick users into thinking about sensitive information, which it would then steal.
The research focused on the P300 brain signal, often emitted when something meaningful is recognised. It has been considered in the design of recent lie detectors.
Twenty-eight subjects using Emotiv headsets were shown images, such as numbers, bank cards, ATMs and people's faces, while being asked specific questions that target specific information.
Their brain waves, specifically the P300, were treated with signal processing software. The private information extracted from the tests were 15-40 per cent less random, or uncertain, compared to guessing alone.
"The captured EEG signal could reveal the user's private information about, for example, bank cards, PIN numbers," the researchers conclude.
"This is still very noisy data signal, (and the) devices are not made for detecting these kinds of patterns," Martinovic told the conference, "But, it was possible to see that, in any of these experiments, we could actually perform better than a pure random guess."
He noted that the quality of the EEG devices, and the signals they produce, is bound to improve, and attackers could exploit that increased accuracy.
"There's a question about whether there is a potential for more sophisticated attacks — can we embed these attacks in videos, online games?"
In the future, when you're playing at being Professor X and controlling things with your thoughts, have a care for who might be eavesdropping.