Brain Hacking: Scientists Extract Personal Secrets With Commercial Hardware

Chalk this up to super-creepy: scientists have discovered a way to mind-read personal secrets, such as bank PIN numbers and personal associations, using a cheap headset. Utilizing commercial brain-wave reading devices, often used for hands-free gaming, the researchers discovered that they could identify when subjects recognized familiar objects, faces, or locations, which helped them better guess sensitive information. Security interrogators could benefit most immediately from the new brain hacking technique, since it would reveal when suspects are actually familiar with the face of a potential accomplice. As for bank information, scientists could guess the first PIN number only 40% of the time. But, as brain-controlled devices become more common, the researches warn that viruses could discretely display images on a screen and help tech-savvy thieves narrow down their search for private information.

Brainwave-reading devices, which control computers hands-free, have become increasingly popular for entertainment, control of prosthetics for paralyzed individuals, and military application. The latest commercial versions of brain-reading devices, often used by researchers and software developers, can cost as little as $300 (the product pictured above is the “Emotiv“).

So, in the eerily titled, “On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces,” a team of researchers from Oxford, Berkeley, and Geneva tested the liklihood that hackers could hijack the device and attempt to uncover sensitive information.

“More specifically, we are interested in understanding how easily this technology can be turned against its users to reveal their private information, that is, information they would not knowingly or willingly share,” wrote the researchers.

Participants were outfitted with commercial-grade brain-wave reading devices and shown a list of people, possible PIN numbers, and the likely location of their home. Often, when the researchers stumbled upon the actual information they were seeking, they saw an expected spike in brain-wave P300, which is known to activate when presented with familiar information. Researchers could guess the correct answer for participants’ first PIN number 20% of the time, the regional location of their home 30%, birth month 60%, and the bank branch of their ATM 30%.

With refinement, the researchers imagine that the brain-hacking technique will get more accurate. For instance, when trying to identify a persons home, “we envision possible future attacks in which the true geo- graphic location of a user is leaked by showing maps or landmarks with increased accuracy.”

For now, the most immediate benefit is for law enforcement interrogation (which is essentially a guessing game). This new technique would reveal, with higher probability, when a subject actually recoginizes the face of a potential accomplice.

But, of course, the applications are endless. Brands could use it to identify the mass-market awareness of a particular product. Facebook could identify whether users actually know the people they recommend under the “people you may know” section. As brain-wave reading technologies become more pervasive, it appears we will inadvertently leave ourselves vulnerable to a new security threat: mind hacking.