Over the last several years, brain-computer interface (BCI) has brought forth amazing opportunities and solutions. The downside, however, is the security issues that come with it. The ability of BCI systems to access pins and private information of users is a real threat. University of Alabama and University of Washington conducted independent studies that establish this potential threat and its misuse.
Study by the University of Alabama
The University of Alabama conducted a study involving people wearing BCI headsets and entering random pins and passwords. The system was able to guess and correlate the typed characters with the corresponding brain activity. After some time, based on the correlation established, the system tries to guess what pin or password the user will enter next.
The study concluded that hacking into a BCI can drastically increase the probability of guessing credentials. A successful BCI hack could increase the probability of guessing a pin from 1 in 10,000 to 1 in 20. Similarly, it could increase the odds of guessing a six-letter password correctly by approximately 500,000 times.
Emotiv, owner and manufacturer of Epoc+ (an advanced wireless EEG), has refuted the results of the study. Emotiv stated that all software using its headsets is vetted and that users are unlikely to willingly input such codes. Contrary to their statement, Alejandro Hernandez, a security researcher with IOActive, has claimed that the study is 100% feasible.
Study by the University of Washington
The study by the University of Washington focused on the remote collection of data. They used subliminal messages that popped up in the corner of a gaming screen. They then utilized EEG to analyze the response of the gamer. A message evoking a strong reaction shows as a peak in the EEG signal.
The EEG signal could, therefore, reveal a lot of personal information about the user, including things such as his/her sexual orientation, discrimination, or other personal choices. The positive uses can be a remote lie detector or pitching only advertisements of interest to each user.
How Serious is the Issue?
BCIs have made an immense positive contribution over the years in diverse fields, especially healthcare. For example, diagnosing concussions and schizophrenia or assisting people with severe motor disabilities with the use of robotic aids. The security and privacy threats posed by commercially available BCIs are, however, real and significant.
Experts agree that it’s high time the security and privacy concerns associated with using BCIs are made a priority. Leaving it too late when BCIs become all pervasive could have dire consequences.