Pass-thoughts: authenticating with our minds
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Person Authentication Using Brainwaves (EEG) and Maximum A Posteriori Model Adaptation
IEEE Transactions on Pattern Analysis and Machine Intelligence
BCI for Games: A `State of the Art' Survey
ICEC '08 Proceedings of the 7th International Conference on Entertainment Computing
A new approach for EEG feature extraction in P300-based lie detection
Computer Methods and Programs in Biomedicine
NeuroPhone: brain-mobile phone interface using a wireless EEG headset
Proceedings of the second ACM SIGCOMM workshop on Networking, systems, and applications on mobile handhelds
Guessing what's on your mind: using the N400 in brain computer interfaces
BI'10 Proceedings of the 2010 international conference on Brain informatics
Fighting coercion attacks in key generation using skin conductance
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Hi-index | 0.00 |
Brain computer interfaces (BCI) are becoming increasingly popular in the gaming and entertainment industries. Consumer-grade BCI devices are available for a few hundred dollars and are used in a variety of applications, such as video games, hands-free keyboards, or as an assistant in relaxation training. There are application stores similar to the ones used for smart phones, where application developers have access to an API to collect data from the BCI devices. The security risks involved in using consumer-grade BCI devices have never been studied and the impact of malicious software with access to the device is unexplored. We take a first step in studying the security implications of such devices and demonstrate that this upcoming technology could be turned against users to reveal their private and secret information. We use inexpensive electroencephalography (EEG) based BCI devices to test the feasibility of simple, yet effective, attacks. The captured EEG signal could reveal the user's private information about, e.g., bank cards, PIN numbers, area of living, the knowledge of the known persons. This is the first attempt to study the security implications of consumer-grade BCI devices. We show that the entropy of the private information is decreased on the average by approximately 15%-40% compared to random guessing attacks.