|Exploring the security characteristics of brain-computer interfaces (BCI), a group of international researchers were successfully able to extract information like bank ATM PIN codes from test subjects using commercially available BCI technology.|
Researchers from the University of California and University of Oxford in Geneva figured out a way to pluck sensitive information from a person’s head, such as PIN numbers and bank information.
The scientists took an off-the-shelf Emotiv brain-computer interface, a device that costs around $299, which allows people to interact with their computers by thought alone.
The research was undertaken by: Ivan Martinovic from the University of Oxford; Dawn Song, Doug Davies, Mario Frank, and Daniele Perito from the University of California, Berkeley; and Tomas Ros, at University of Geneva. Their work was presented at the USENIX Security Symposium last month.
The researchers then showed the test subjects computer images of banks, people, and PIN numbers. They then tracked the readings coming off of the brain, specifically the P300 signal.
The P300 signal is typically given off when a person recognizes something meaningful, such as someone or something they interact with on a regular basis.
Scientists that conducted the experiment found they could reduce the randomness of the images by 15 to 40 percent, giving them a better chance of guessing the correct answer.
In the paper that the scientists released, they state that “the P300 can be used as a discriminative feature in detecting whether or not the relevant information is stored in the subject’s memory.
“For this reason, a GKT based on the P300 has a promising use within interrogation protocols that enable detection of potential criminal details held by the suspect,” the researchers said.
However, scientists say this way of lie detection is “vulnerable to specific countermeasures,” but not as many compared to a traditional lie detector.
This could only be the beginning of a new form of fraud. Scientists say that a person with their guard lowered could be “easily engaged into ‘mind games’ that camouflage the interrogation of the user and make them more cooperative.”
Also, much like other household electronics, “the ever increasing quality of devices, success rates of attacks will likely improve.” They concluded:
The simplicity of our experiments suggests the possibility of more sophisticated attacks. For example, an uninformed user could be easily engaged into “mindgames” that camouflage the interrogation of the user and make them more cooperative. Furthermore, with the ever increasing quality of devices, success rates of attacks will likely improve. Another crucial issue is that current APIs available to third-party developers offer full access to the raw EEG signal. This cannot be easily avoided, since the complex EEG signal processing is outsourced to the application. Consequently, the development of new attacks can be achieved with relative ease and is only limited by the attacker’s own creativity.
|By 33rd Square||Subscribe to 33rd Square|