“Brain-computer interfaces, or BCIs — sounds like a fictional cyberpunk creation, the stuff of virtual reality,” says DJ Pangburn at Death and Taxes. “Not so.” BCI controllers are very real, and use your brainwaves to control onscreen action in things such as video games. Companies like Emotiv sell them off the shelf, and the technology is starting to gain traction. But now, scientists are warning that these mind-reading headsets could one day be used to glean your personal information, potentially giving hackers access to your PIN, or the location of your home. Yep, says Gregory Ferenstein at TechCrunch, it’s “super creepy.” Here’s what you should know:
How do these brain-computer interfaces work?
BCI controllers sit on your head and read your brain’s electrical activity with an electroencephalograph, or EEG. While the devices can’t read your exact thoughts, hands-free controllers like the $300 product sold by Emotiv distinguish between two brain states: Relaxed and concentrating. Essentially, it’s like playing a video game with only one button (which some players find underwhelming). BCIs also have medical applications, and are frequently used to gather neuro-feedback on things like sleep disorders, epilepsy, driver alertness, and more, says Death and Taxes’ Pangburn.
How can they be used steal personal information?
A joint paper authored by researchers from the University of Oxford, University of Geneva, and UC Berkeley demonstrated how Emotiv’s headset can be used to extract information like a PIN. Researchers used the BCI controller to zero in on a specific brain-wave signal called P300, which spikes anytime the wearer sees something he recognizes, like a picture of his mother, or his Social Security number. In this experiment, the study’s administrators showed participants pictures of things like President Obama, their home locations, their birth month, and possible PINs while simultaneously monitoring P300′s activity.
What did the researchers find?
By monitoring brainwaves while participants were shown such pictures and numbers, researchers could correctly guess the first digit of a participant’s PIN 20 percent of the time, “the regional location of their home 30 percent, birth month 60 percent, and the bank branch of their ATM 30 percent,” says TechCrunch’s Ferenstein. Obviously, that’s not the greatest success rate, “but it’s much quicker and closer than trying to simply guess a 16-digit credit card number or home address,” says Ben Weitzenkorn at Security News Daily. With a little more refinement, researchers think brain-hackers could score more accurate results.
But in practice, how would hackers steal my PIN?
Imagine a hacker gains access to your gaming network while you’re hooked up to a brain-computer interface. He briefly flashes PIN combinations onto the screen, and remotely monitors your P300 signal. Implausible, yes. But such a scheme would at least increase the hacker’s odds of correctly guessing your PIN. Indeed, “as brain-wave reading technologies become more pervasive, it appears we will inadvertently leave ourselves vulnerable to a new security threat,” says Ferenstein: “Mind hacking.”