Wired reports a team of security researchers from Oxford, UC Berkeley, and the University of Geneva, have proven that with today's technology it's possible to deduce digits of PIN numbers, birth months, areas of residence and other personal information by scanning brainwaves with commercially available EEG headsets like the $299 Emotiv Epoc.
The research illustrates that as this type of technology spreads and as the quality of devices increases, we may start seeing "brain spyware" in the near-future.
Full details over here.
A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt to uncover potential security risks in the use of the headsets.
“The correct answer was found by the first guess in 20% of the cases for the experiment with the PIN, the debit cards, people, and the ATM machine,” write the researchers. “The location was exactly guessed for 30% of users, month of birth for almost 60% and the bank based on the ATM machines for almost 30%.”
To detect the first digit of the PIN, researchers presented the subjects with numbers from 0 to 9, flashing on the screen in random order, one by one. Each number was repeated 16 times, over a total duration of 90 seconds. The subjects’ brainwaves were monitored for telltale peaks that would rat them out.