LE MONDE (France), VICE, USENIX SECURITY (USA)
Remember that scene in Star Wars Episode VI: Return of the Jedi when Darth Vader learns about Luke’s sister just by reading his thoughts?
["Your thoughts betray you," says Darth Vader]
Well the same might just happen to you soon – and if you don’t happen to have a cinnamon-roll-haired twin sister whose existence you’d like to keep a secret, think of all the security PINs and bank accounts details that could be extracted from your non-Jedi mind.
Le Monde reports that using affordable brain-computer interface helmets (simple electroencephalography devices that cost about $500), a group of researchers at the USENIX Security Symposium managed to monitor the brain electrical activity and infer participants’ PIN digits, zip codes and birth dates.
The team, led by Ivan Martinovic of Oxford’s Department of Computer Science, was studying the dangers of brain-computer interface (BCI) devices:
"We take a first step in studying the security implications of such devices and demonstrate that this upcoming technology could be turned against users to reveal their private and secret information. We use inexpensive electroencephalography (EEG) based BCI devices to test the feasibility of simple, yet effective, attacks. The captured EEG signal could reveal the user’s private information about, e.g., bank cards, PIN numbers, area of living, the knowledge of the known persons."
Daniele Perito of the University of California, Berkeley, one of the paper’s authors, told the New York City-based Canadian magazine Vice: "It’s going to be a while, but I think it is going to be much easier to get certain information like someone’s political preference or sexual orientation."
If you have a half-hour to spare and want to understand the risks of side-channel attacks with brain-computer interfaces, the video below explains it all.