Are the deepest secrets of your mind safe? Could thieves trick you into revealing your bank card PIN or computer passwords just by thinking about them?
Theoretically, it could happen.
Ivan Martinovic of the University of Oxford and colleagues at the University of Geneva and University of California at Berkeley describe research into that question in a paper entitled "On the Feasibility of Side-Channel Attacks With Brain-Computer Interfaces" presented earlier this month at the 21st USENIX Security Symposium.
The research was inspired by the growing number of games and other mind apps available for low-cost consumer EEG devices such as Emotiv's EPOC headset, which lets users interact with computers using their thoughts alone.
Malicious developers could create a "brain spyware" app designed to trick users into thinking about sensitive information, which it would then steal.
The research focused on the P300 brain signal, often emitted when something meaningful is recognized. It has been considered in the design of recent lie detectors.
Twenty eight subjects using Emotiv headsets were shown images such as numbers, bank cards, ATMs, and people's faces while being asked specific questions that target specific information.
Their brain waves, specifically the P300, were treated with signal processing software. The private info extracted from the tests was 15-40 percent less random, or uncertain, compared to guessing alone.
"The captured EEG signal could reveal the user's private information about, e.g., bank cards, PIN numbers," the researchers conclude.
"This is still very noisy data signal, (and the) devices are not made for detecting these kinds of patterns," Martinovic told the conference, "but it was possible to see that in any of these experiments, we could actually perform better than a pure random guess."
He noted that the quality of the EEG devices and the signals they produce is bound to improve, and attackers could exploit that increased accuracy.
"There's a question about whether there is a potential for more sophisticated attacks -- can we embed these attacks in videos, online games?"
In the future when you're playing Professor X and controlling things your thoughts, have a care for who might be eavesdropping.
(Via CBS Seattle)