Headset EEG hacking gives new meaning to PINheads

Aug 22, 2012 by Nancy Owano report

(Phys.org) -- Researchers at the Usenix Security conference earlier this month demonstrated a way to get into your brain and learn facts that you don’t want to reveal. Using a commercial off-the-shelf brain-computer interface, the researchers created a custom program designed to find out personal data such as address and PIN. The study, “On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces,” is by Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros, and Dawn Song. The authors point out that it is just such a commercial off the shelf brain computer interface—costing a few hundred dollars—that can run the brain-hacking show.

“Consumer-grade BCI devices are available for a few hundred dollars and are used in a variety of applications, such as video games, hands-free keyboards, or as an assistant in relaxation training,” according to the study. “There are application stores similar to the ones used for smart phones, where application developers have access to an API to collect data from the BCI devices,” they note. As the security risks involved in using consumer-grade BCI devices have not been studied, and the impact of malicious software with device access unexplored, the team had their work cut out for them.

After having a look at the devices’ security implications, they have concluded that the technology can be turned against people to reveal information the victims assume is secret.

-computer interfaces, or BCIs, have been used in medical settings, involving expensive equipment, but the researchers concerned themselves with cheaper, commercial devices. (For example, Emotiv offers an Emotiv EPOC described as a high resolution, neuro-signal acquisition and processing wireless neuroheadset for $299 and NeuroSky offers inexpensive BCI “neuroscience headsets” with a company motto, “brain wave sensors for everybody.”)

The researchers, who are from the universities of Oxford and Geneva and University of California, Berkeley, tested their mind-reading program using an Emotiv device on 28 participants.

The subjects did not know their brains were being used to extract private information; they were only told that they were going to participate in an experiment involving the privacy implications of using gaming EEG devices.

After carrying out a number of experiments, they showed the feasibility of using a cheap consumer-level BCI gaming device to partially reveal private information of the users. By analyzing EEG signals in their experiments, they were able to detect which of presented stimuli were related to the user’s private information—credit cards, PIN numbers, persons known to the user, and user’s residence.

The team said, “We show that the entropy of the private information is decreased on the average by approximately15% to 40% compared to random guessing attacks.”

Their work was supported by National Science Foundation grants, Intel ISTC for Secure Computing, and the Carl-Zeiss Foundation.

Explore further: Patent talk: Google sharpens contact lens vision

More information: www.usenix.org/conference/usenixsecurity12/feasibility-side-channel-attacks-brain-computer-interfaces

Related Stories

In a small-device world, bigger may still be better

Apr 20, 2012

In the early days, standard computers could be as large as a single story house. Over the last several decades, many development efforts have focused on shrinking them for use in the home and eventually anywhere in the world ...

Frogs' bright colors cue scientists to diversity

Aug 22, 2012

Tiny poison dart frogs living wild in Panama may provide clues about relatively rapid biodiversification, says Tulane University evolutionary biologist Corinne “Cori” Richards-Zawacki. Her team ...

New tool enhances view of muscles

Jan 23, 2012

Simon Fraser University associate professor James Wakeling is adding to the arsenal of increasingly sophisticated medical imaging tools with a new signal-processing method for viewing muscle activation details that have never ...

Mining ' and Minding ' Her Ps and Qs

Aug 10, 2012

(Phys.org) -- Each time you connect to a secure website (say a bank’s website), you begin by downloading a certificate published by the site, which asserts that its Web address is legitimate. It also ...

Recommended for you

Patent talk: Google sharpens contact lens vision

21 hours ago

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...

Neuroscientist's idea wins new-toy award

Apr 15, 2014

When he was a child, Robijanto Soetedjo used to play with his electrically powered toys for a while and then, when he got bored, take them apart - much to the consternation of his parents.

Land Rover demos invisible bonnet / car hood (w/ video)

Apr 14, 2014

(Phys.org) —Land Rover has released a video demonstrating a part of its Discover Vision Concept—the invisible "bonnet" or as it's known in the U.S. the "hood" of the car. It's a concept the automaker ...

Visions of 1964 World's Fair didn't all come true

Apr 12, 2014

Video phone calls? Yeah, we do that. Asking computers for information? Sure, several times a day. Colonies on the moon and jet packs as a mode of everyday transportation. OK, maybe not.

User comments : 5

Adjust slider to filter visible comments by rank

Display comments: newest first

Gino
3 / 5 (2) Aug 23, 2012
Is this going to put the torturers out of business?
Pkunk_
1 / 5 (1) Aug 23, 2012
Is this going to put the torturers out of business?

Once the information required is out, the executioner is the next logical step. Most people would rather prolong their life by enduring pain than get "neutralized" after having their brain dumped.
While the short term implications are scary, the long term implications are endless - the ability to transfer your mind to a brand new clone body when your present one gets too old.
rsklyar
1 / 5 (1) Aug 23, 2012
Not so long ago some transatlantic research gang from the Italian Institute of Technology (IIT) and Joint Research Centre, universities of Ferrara and Genova with a leading bandit at Northwestern University (USA) has impudently stole the non-contact BCI method: http://issuu.com/...saivaldi
CapitalismPrevails
1 / 5 (1) Aug 23, 2012

While the short term implications are scary, the long term implications are endless - the ability to transfer your mind to a brand new clone body when your present one gets too old.


You've been listening to Ray Kurzweil too much.
antialias_physorg
not rated yet Aug 23, 2012
Ray Kurzweil

His name always strikes me as slightly funny because 'kurzweil' translates loosely to 'diverting/entertaining' with a connotation of 'of little substance' - which seems to fit the bill when it comes to his "transhumanism" and "singularity" talks/books.

More news stories

Simplicity is key to co-operative robots

A way of making hundreds—or even thousands—of tiny robots cluster to carry out tasks without using any memory or processing power has been developed by engineers at the University of Sheffield, UK.

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

Patent talk: Google sharpens contact lens vision

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...