With a chilling hint of the not-so-distant future, researchers at the Usenix Security conference have demonstrated a zero-day vulnerability in your brain. Using a commercial off-the-shelf brain-computer interface, the researchers have shown that it’s possible to hack your brain, forcing you to reveal information that you’d rather keep secret.
As we’ve covered in the past, a brain-computer interface is a two-part device: There’s the hardware — which is usually a headset (an EEG; an electroencephalograph) with sensors that rest on your scalp — and software, which processes your brain activity and tries to work out what you’re trying to do (turn left, double click, open box, etc.) BCIs are generally used in a medical setting with very expensive equipment, but in the last few years cheaper, commercial offerings have emerged. For $200-300, you can buy an Emotiv (pictured above) or Neurosky BCI, go through a short training process, and begin mind controlling your computer.
Both of these commercial BCIs have an API — an interface that allows developers to use the BCI’s output in their own programs. In this case, the security researchers — from the Universities of Oxford and Geneva, and the University of California, Berkeley — created a custom program that was specially designed with the sole purpose of finding out sensitive data, such as the location of your home, your debit card PIN, which bank you use, and your date of birth. The researchers tried out their program on 28 participants (who were cooperative and didn’t know that they were being brain-hacked), and in general the experiments had a 10 to 40% chance of success of obtaining useful information (pictured above).
Moving forward, this brain hack can only improve in efficacy as BCIs become cheaper, more accurate, and thus more extensively used. Really, your only defense is to not think about the topic — but if you’re proactively on the defensive, then the hacker has already messed up. The only viable solution that I can think of is to ensure that you don’t use your brain-computer interface with shady software, brain malware — but then again, in a science-fictional future, isn’t it almost guaranteed that the government would mandate the inclusion of brain-hacking software in the operating system itself?