As hard as it is to believe, what many might think is the last bastion of total privacy, namely, the human mind, is quickly becoming just as vulnerable as the rest of our lives with the invention of mind-reading helmets and other ways to “hack” the mind.
Now security researchers from the University of California, Berkeley, the University of Oxford and the University of Geneva, have created a custom program to interface with brain-computer interface (BCI) devices and steal personal information from unsuspecting victims.
The researchers targeted consumer-grade BCI devices due to the fact that they are quickly gaining popularity in a wide variety of applications including hands-free computer interfacing, video games and biometric feedback programs.
Furthermore, there are now application marketplaces – similar to the ones popularized by Apple and the Android platform – which rely on an API to collect data from the BCI device.
Unfortunately with all new technology comes new risks and until now, “The security risks involved in using consumer-grade BCI devices have never been studied and the impact of malicious software with access to the device is unexplored,” according to a press release.
The individuals involved with this project – which resulted in a research paper entitled “On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces,” include Ivan Martinovic and Tomas Ros of the Universities of Oxford and Geneva, respectively, along with Doug Davies, Mario Frank, Daniele Perito, and Dawn Song, all of the University of California, Berkeley.
The findings of these innovative researchers are nothing short of disturbing. They found “that this upcoming technology could be turned against users to reveal their private and secret information.”
Indeed, they used relatively cheap BCI devices based on electroencephalography (EEG) in order to demonstrate the feasibility of surprisingly simple and effective attacks.
The information that can be gained by the attacks is incredibly sensitive, including, “bank cards, PIN numbers, area of living, the knowledge of the known persons.”
Most troubling is the fact that this represents “the first attempt to study the security implications of consumer-grade BCI devices,” which makes the success of the attacks that much more disconcerting.