This is an awfully contrived title for an article that could be summarized as "people can find out whether or not you recognize something shown to you by monitoring electrical activity along the scalp."
This relies on an unsuspecting victim wearing a complicated nonstandard headset and then looking at a series of images / numbers slowly enough to register each of them consciously.<p>In what world would the victim <i>not</i> become suspicious?<p>(I appreciate things may change in the future, and if brain control headsets become common then a malware model (ad popups, for example) could provide a plausible vector for this attack.)
The research (both in this paper and the previous one at Usenix Security 2012) is overhyped bullshit. The experiment was: remember this pin number to enter at the end of the experiment and then we show you numbers and look for a recognition signal. Or they check that you recognize an image of your bank.<p>This is just image/text recognition research from 1980s and 90s neuroscience regurgitated as security publications with far shittier experimental methodology and consumer equipment.<p>At no point did they actually demonstrate they got access to secrets you knew, e.g. your real PIN number, and they certainly didn't demonstrate they could do so surreptitiously. There is no reason to believe you could actually do this and these experiments tell us nothing we didn't already know from actual real experiments done by real clinical researchers: you can use the P300 signal to tell if someone recognizes a specified stimulus.
The "side-channel" is your brain. Doh.<p>This implies the possibility of "something you know" may be only just as secure as "something you have."<p>As people integrate and evolve to include technology, the security aspects of bio-technical interfaces are going to get really interesting and damn important.
"Thought crime" will soon have a much darker and more dangerous meaning. Of course NSA will want to tap everything people are thinking, just like they're already treating all human communications "to keep us safe". I don't think it's a stretch to think they'll want to do that, too, if nothing changes, and people continue to let them do anything they want in the name of "national security".
Wow I wasn't aware that EEGs are this cheap. Does anyone know how well these 200-300$ thingies play with Linux and how easy it is to hack around with them generally?<p>I'd love to log my brain activities while learning, reading or playing poker :D<p>Edit:
Seems like the Emotiv EPOC has an SDK that supports Linux and also an open source library called Emokit that was built from reverse engineering the device's communication :D
*cue inception music<p>But really, looks like this experiment could be totally derailed by closing your eyes, or by thinking of irrelevant topics.<p>Still pretty neat though.
This seems like testifying against yourself. Aren't lie detector type systems only done voluntarily?<p>Related, the MRI lie detector: <a href="http://www.ncbi.nlm.nih.gov/pubmed/19092066" rel="nofollow">http://www.ncbi.nlm.nih.gov/pubmed/19092066</a>
This is pretty common for how Emotiv presents itself. If you look through their site and write-ups about their Epoc headset, you'll find the same kind of overhyped and misleading information.<p>It's cool that home BCI is so cheap now, I just wish they weren't trying to capitalize so heavily on it.
This is how it will go down. First, the government is going to own these companies. Then they are going to declare the technology illegal to use in private hands. Third, they will train operatives that can only be certified by government agencies to use these devices.
Sensationalist title designed to gain unjustified views. Accurate title would be "$200-$300 buys you an off the shelf polygraph test". Same principles, this has been known as a "lie detector" test for years... and it's defeatable.
Assuming something like this actually works some day, I wonder if you could avoid it by having your secret be something that can't be encoded visually, e.g. haptic feedback/gesture rather than passwords.
Neat idea. The debit card pin bit does not seem feasible though, at least in a brute force setting - finding out a 6 digit pin, showing each number for 1 second, takes > 11 days in the worst case.
Maybe we can sue God or something for misconception? I am waiting for his HN post where he will say, we have learnt something with 0-day and improved the security of your brain. Maybe a sheep as the reward for the scientist! :)