An international group of researchers have presented a successful method to show how hackers could use a relatively cheap piece of equipment and software to gain access to secrets inside your mind.
Presented earlier this month at the USENIX Security Symposium, "On the Feasibility of Side-Channel Attacks With Brain-Computer Interfaces" discusses how with the emergence of technology that allows users to communicate via their thoughts alone, software could be developed to spy on things like your pin number or other passwords.
"The security risks involved in using consumer-grade BCI devices have never been studied and the impact of malicious software with access to the device is unexplored," the researchers abstract reads. "We take a first step in studying the security implications of such devices and demonstrate that this upcoming technology could be turned against users to reveal their private and secret information. We use inexpensive electroencephalography (EEG) based BCI devices to test the feasibility of simple, yet effective, attacks."
CNET has more on the presentation:
The research was inspired by the growing number of games and other mind apps available for low-cost consumer EEG devices such as Emotiv's EPOC headset, which lets users interact with computers using their thoughts alone.
Malicious developers could create a "brain spyware" app designed to trick users into thinking about sensitive information, which it would then steal.
The researchers tested the feasibility of this by outfitting 28 subjects with Emotive headsets, which are available to anyone for $299. They showed these subjects images like bank cards and ATMs and asked them specific questions. The researchers then used signal processing software to analyze their brainwaves.
What they found was that the uncertainty of guessing the private information was decreased 15 to 40 percent when the technology was used compared to random guessing.
CNET reports the researchers saying:
"The captured EEG signal could reveal the user's private information about, e.g., bank cards, PIN numbers," the researchers conclude.
"This is still very noisy data signal, (and the) devices are not made for detecting these kinds of patterns," Martinovic told the conference, "but it was possible to see that in any of these experiments, we could actually perform better than a pure random guess."
Researcher Ivan Martinovic said it is only a matter of time before the technology improves leaving minds vulnerable to divulging information that could give hackers more accuracy in their attacks.
Learn more about how the Emotiv EPOC headset works in this TED video from a couple years ago: