Our minds are often the most secure place we can go to think thoughts otherwise unspeakable to human ears. We might not accept every thought we’ve and can be also ashamed by many of these, yet there they’re, punching the core of our minds like lightning; quick and unpredictable. As a result, it may be quite embarrassing and frightening to understand someone not just can access our minds, but knows what we´re thinking.
Welcome to fear, my buddies, as researchers in the University of California and University of Oxford in Geneva have found a method to “hack” in to the mind. Instead of steal our thoughts, however, these scientists have used this hacking technique to pull bank information, PINs along with other sensitive data stored inside the murky folds of our brains. Most frightening of all, these researchers could perform this hack by using an existing, readily available tool, instead of needing to craft one of their own.
Using the Emotiv “brain-computer interface” these researchers could discover a “backdoor,” so to speak, into the mind and lift information from this.
To perform this hack, the researchers placed the Emotiv EPOC device on their subjects´ heads, then placed them before a pc screen which displayed images of familiar places and people. Then, they tracked the mind waves in the headset, specifically the brainwaves known as P300.
This brainwave can be used by the brain to recognize meaningful people, places or things. For example, the P300 signal is used through the brain to back an earlier conversation or recall a piece of information you may make reference to every single day, like a PIN.
P300 gets its name since these surf is released around 300 milliseconds after a brain recognizes the person, place or thing it is shown. To test this new hack, researchers showed their subjects images of Barak Obama. The P300 wave spiked shortly after the subjects saw this picture, confirming recognition in the subjects´ brains.
Next, the subjects were shown a picture of their own house, that also caused the P300 wave to spike shortly thereafter.
“These devices have access to your raw EEG [electroencephalography, or electrical brain signal] data, which contains certain neurological phenomena triggered by subconscious activities,” said Ivan Martinovic, a member of the faculty in the department of computer science at Oxford inside a statement.
“Therefore the central question we were asking with this particular work was, is this is really a privacy threat?”
During the course of their research, they could get yourself a subjects PIN 60% of the time with a one in ten chance. 40% of times, the researchers could recognize at least the very first number of the subjects´ PIN.
According towards the subsequent paper resulting from this research, the researchers have said, “P300 can be used as a discriminative feature in detecting whether or not the relevant details are stored in the subject´s memory.”
“P300 includes a promising use within interrogation protocols which allow detection of potential criminal details held by the suspect.”
The researchers were also concerned with how easy it was for them to obtain these details by utilizing such a readily available and affordable device.
“The simplicity our experiments suggests the potential of more sophisticated attacks,” writes the team in their paper.
“For example, an uninformed user could be easily engaged into ‘mindgames’ that camouflage the interrogation from the user and make them more cooperative. Furthermore, using the increasing quality of devices, success of attacks will likely improve.”
For now, it appears the best way to protect your ideas is to stay away from any Emotiv headsets and refrain from thinking about your PINs and passwords.