Yeah, I know this is really old by internet time, but I’ve been really busy with work and I’m still catching up:

A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt to uncover potential security risks in the use of the headsets. [...]

Emotiv and NeuroSky both have “app stores,” where users of the devices can download third-party applications. The applications use a common API for access to the EEG device. [...]

“We simulated a scenario where someone writes a malicious app, the user downloads it and trusts the app, and actively supports all the calibration steps of the device to make the software work,” said Frank. In these seemingly innocuous calibration steps, which are standard for most games and other applications using the headsets, there could be the potential to harvest personal information.

Full Story: Wired: Researchers Hack Brainwaves to Reveal PINs, Other Personal Data

The paper is available on Scribd.

I wonder if this could be used to determine passwords that users don’t consciously remember?

I’ve said before: steganograph your brain before it’s too late!