Researchers Swipe Personal Data With ‘Brain Spyware’
Researchers were able to glean sensitive personal information such as PIN numbers and credit card data from the brainwaves of people wearing headsets that allow users to control computer applications with their minds.Researchers were able to glean sensitive personal information such as PIN numbers and credit card data from the brainwaves of people wearing headsets that allow users to control computer applications with their minds.
“The [Emotiv EPOC] headset,” which has been around since 2010, “reads brain activity related to facial movements, and uses this to infer your emotional state and intentions. This is then translated in software to control various applications, from games to photo viewers to an on-screen keyboard.” Some applications are capable of controlling remote objects, such as wheelchairs, and potentially even aerial drones.
The security researchers from Oxford, UC Berkeley and the University of Geneva claim they were able to use applications they developed to determine “PIN numbers, birth months, areas of residence,” and other personal information by showing headset-clad test subjects images of “ATM machines, debit cards, maps, people, and random numbers in a series of experiments.”
“The correct answer was found by the first guess in 20% of the cases for the experiment with the PIN, the debit cards, people, and the ATM machine,” the researchers wrote. “The location was exactly guessed for 30% of users, month of birth for almost 60% and the bank based on the ATM machines for almost 30%.”
The researchers envision a scenario in which a potential malicious attacker could write “brain spyware” allowing the harvesting of private information from the user.
— Posted by Alexander Reed Kelly.
Your support matters…Wired:
“We simulated a scenario where someone writes a malicious app, the user downloads it and trusts the app, and actively supports all the calibration steps of the device to make the software work,” said Frank. In these seemingly innocuous calibration steps, which are standard for most games and other applications using the headsets, there could be the potential to harvest personal information.
“We realized that these devices are becoming increasingly popular — maybe in five, 10 years, it’s very likely that many households will have one,” Frank said. “At the same time, you can use all kinds of third-party apps for these devices. In this setting, as security researchers, we identified that there is a potential to make some bad stuff, to turn this technology against the user.” He said, however, that there was no immediate threat in using the devices. But the experiments devised by the researchers point to the devices’ darker potential.
Independent journalism is under threat and overshadowed by heavily funded mainstream media.
You can help level the playing field. Become a member.
Your tax-deductible contribution keeps us digging beneath the headlines to give you thought-provoking, investigative reporting and analysis that unearths what's really happening- without compromise.
Give today to support our courageous, independent journalists.
You need to be a supporter to comment.
There are currently no responses to this article.
Be the first to respond.