Feeds

SHOCK: Brainwave readers work as advertised

Put away the tinfoil hat, there's no 'brain hack' here

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A little-reported (at first) bit of research presented at this month’s Usenix conference makes the startling claim that consumer-grade EEG-based interface devices – like Emotiv and NeuroSky headsets – could be used to gain private information from users.

The combination of sexy gadget and sci-fi attack was too much for the hipsters over at ExtremeTech, with the headline “Hackers backdoor the human brain”, and CrazyEngineers, which took an axe to language with “Hackers Unauthorizedly Access Human Brain”.

Actually, what the researchers demonstrate might be considered unremarkable when you deconstruct it:

1. A consumer peripheral doesn’t secure its communications with its host (other peripherals that use unsecured communications include your keyboard, mouse, and headphones).

2. These particular peripherals actually do what the package says they do.

OK, so what’s actually taken place? In this presentation, “On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces” the Usenix presenters put a set of cognitive tests in front of people wearing the headsets, and checked the responses recorded by the devices.

Hence, if a photograph of President Obama showed up among a set of random pics of people, the brain responded. The particular response, a spike in what’s called the P300 event-related potential, has been associated with what’s called a “guilty knowledge test” since the 1990s.

If a similar test is applied to credit cards, bank logos and birthdays, a strong P300 response would indicate that a user holds a Bank of America Visa card and has a September birthday – if a test can be contrived that can elicit this information without anybody catching on.

However: P300 responses are not only known to the two manufacturers, they’re part of what’s in the box. Emotive not only believes its device captures the P300 “brain-wave” (an imprecise term but good enough here), it helpfully publishes a 2011 test paper here, complete with instructions on how to repeat the experiment for yourself. Various other discussions about using both Emotiv and NeuroSky to detect P300 waves exist at the OpenVibe brain-computer interface forum.

It’s a nice enough piece of work from the Usenix presenters, but a malicious cracker would get further, faster, with a keylogger. Or a skimmer on a credit card machine. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Will.i.am gets CUFFED as he announces his new wristjob, the PULS
It's got four KILOWATTS of something, apparently
Don't wait for that big iPad, order a NEXUS 9 instead, industry little bird says
Google said to debut next big slab, Android L ahead of Apple event
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
A drone of one's own: Reg buyers' guide for UAV fanciers
Hardware: Check. Software: Huh? Licence: Licence...?
Jaguar Sportbrake: The chicken tikka masala of van-sized posh cars
Indian-owned Jag's latest offering curries favour with us
iPhone 6 shunned by fanbois in Apple's GREAT FAIL of CHINA
Just 100 Beijing fanbois queue to pick up new mobe
The Apple launch AS IT HAPPENED: Totally SERIOUS coverage, not for haters
Fandroids, Windows Phone fringe-oids – you wouldn't understand
Here's your chance to buy an ancient, working APPLE ONE
Warning: Likely to cost a lot even for a Mac
Is living with Dolby Atmos worth the faff?
Subtle, naturalistic ambiance – perfect for Transformers 4
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.