
Hackers backdoor the human brain, successfully extract sensitive data - adamwintle
http://www.extremetech.com/extreme/134682-hackers-backdoor-the-human-brain-successfully-extract-sensitive-data
======
Centigonal
This is an awfully contrived title for an article that could be summarized as
"people can find out whether or not you recognize something shown to you by
monitoring electrical activity along the scalp."

~~~
PeterisP
If you manage to hack out a list of all 4-digit numbers that you recognize,
it's trivial to bruteforce which of those numbers are for your cards or for
some other security PINs.

Also, it has other practical uses - think of it as a better-than-polygraph
test for questions of type "have you seen this person" or "does this account-
password belong to you".

~~~
TheCraiggers
>If you manage to hack out a list of all 4-digit numbers that you recognize,
it's trivial to bruteforce which of those numbers are for your cards or for
some other security PINs.

While correct, I think you're missing something huge.

I'm not sure how long it takes for your brain to recognize a 4-digit number as
something you "know". Absolute fastest would be something around 32/second, as
I believe that's about as fast as your brain can view an image (movie frame
rate). However, I'm reasonably sure it's much slower than this, and we haven't
even factored in how long it takes the computer hooked up to your brain to
recognize a change. So for the purposes of this argument, I'm going to say
about one PIN per second.

So, for a 4 digit PIN, you can spend 9999 seconds to "hack" the mark's brain,
and then try all those combinations that showed a recognition pattern. Or you
could just brute force all 9999 permutations, likely at a much faster than 1
per second, without needing physical access to the mark, and without all sorts
of crazy hardware.

~~~
atondwal
Consider an ASCII password of unknown length.

Now you just show your mark each symbol to check if it's a part of the
password, which would drastically and usefully reduce your search space
(unless it a password that uses almost all ASCII characters, but those are
extremely rare...).

~~~
PeterisP
No, the proposed method can't check if it's a part of _the_ password, it can
check if it's a part of _a_ password/something the person has ever known. All
alphanumerics would be included naturally.

The reason for PIN's is that if your pin is '8243', then that number will
provoke a "recognition" response much different than, say, '8244' which (to
you) is just a random number with no specific associations.

------
cpdean
"demonstrated a zero-day vulnerability in your brain"

0-Day? I knew I shouldn't have upgraded from primate.

------
tehwalrus
This relies on an unsuspecting victim wearing a complicated nonstandard
headset and then looking at a series of images / numbers slowly enough to
register each of them consciously.

In what world would the victim _not_ become suspicious?

(I appreciate things may change in the future, and if brain control headsets
become common then a malware model (ad popups, for example) could provide a
plausible vector for this attack.)

~~~
Nimi
It's my understanding that the headset is in fact standard:

(from the actual paper) "The experiments are implemented and tested using a
Emotiv EPOC BCI device"

(from the hyperbole article) "For $200-300, you can buy an Emotiv"

In what world would the victim not become suspicious? I think this result is
framed as "if BCI-controlled gaming takes off, it doesn't take much to harvest
personal data from gamers".

Also, I wonder what are the implications for interrogation methods (think CIA,
not local police). They didn't test what happens if the victim is actually
trying to resist, maybe even if the victim has had guidance on how to resist.
I would love to know.

~~~
tehwalrus
I apologise - I meant "nonstandard" as "my mum doesn't have one".

resisting this sort of thing is easy, just think "loud" alternative thoughts
and close your eyes so you don't see the stimulus. Sing a song in your head.
Anything.

------
anologwintermut
The research(both in this paper and the previous one at Usenix security 2012)
is over hyped bullshit. The experiment was: remember this pin number to enter
at the end of the experiment and then we show you numbers and look for a
recognition signal. Or they check that you recognize an image of your bank.

This is just image/text recognition research from 1980's and 90's neuroscience
regurgitated as security publications with far shittier experimental
methodology and consumer equipment.

At no point did they actually demonstrate they got access to secrets you knew.
E.g. your real PIN number and they certainly didn't demonstrate they could do
so surreptitiously. There is no reason to believe you could actually do this
and these experiments tell us nothing we didn't already know from actual real
experiments done by real clinical researchers: you can use the p300 signal to
tell if someone recognizes a specified stimulus.

------
ballard
The "side-channel" is your brain. Doh.

This implies the possibility of "something you know" may be only just as
secure as "something you have."

As people integrate and evolve to include technology, the security aspects of
bio-technical interfaces are going to get really interesting and damn
important.

------
mtgx
"Thought crime" will soon have a much darker and more dangerous meaning. Of
course NSA will want to tap everything people are thinking, just like they're
already treating all human communications "to keep us safe". I don't think
it's a stretch to think they'll want to do that, too, if nothing changes, and
people continue to let them do anything they want in the name of "national
security".

------
kriro
Wow I wasn't aware that EEGs are this cheap. Does anyone know how well these
200-300$ thingies play with Linux and how easy it is to hack around with them
generally?

I'd love to log my brain activities while learning, reading or playing poker
:D

Edit: Seems like the Emotive EPOC has an SDK that supports Linux and also an
open source library called Emokit that was build from reverse engineering the
device's communication :D

~~~
jenius
Turns out they aren't actually that cheap. To get a real EEG from Emotiv, it's
$750 just for the device - the $300 version doesn't seem to actually be an
EEG, they call it an EPOC, and don't exactly explain what it is, but do
mention that it will not give you access to raw EEG data, which is what you
need for any sort of legitimate experiment. On top of that, if you want to use
the SDK, licensed properly, you need to pay an additional $500 or more. So if
you want to play with an EEG and it's API, the minimum price you're really
paying is $1250 - far from the $300 mentioned in the article.

In addition, these cheaper consumer EEGs don't produce research-grade data, so
while they are good for messing around and experimenting, if you want to get
serious, you'll need to upgrade to a more expensive headset.

~~~
kriro
Quickly browsing the github page of the OS-library it seems like you can
extract the raw data from the EPOC which would turn the 300$ one into a decent
enough device.

Granted you'd have to write the unfolding algorithm and infrastructure stuff
yourself (eventhough I'd guess someone probably has done this already)

Seems like a neat enough toy to add it to my xmas-wishlist. Time to build a
light version of the "Ready Player One" cyberworld :P

I used to play poker semiprofessionally and could see this as a very useful
device to identify tilt (and shutdown the pokerclient or at least give you an
alarm of sorts) or generally wear it while grinding and see what helpful info
you can extract when comparing to your hands database.

------
narfquat
*cue inception music

But really, looks like this experiment could be totally derailed by closing
your eyes, or by thinking of irrelevant topics.

Still pretty neat though.

~~~
dodo53
Tension, apprehension, and dissension have begun

~~~
anigbrowl
Ah, a person of taste.

------
spullara
This seems like testifying against yourself. Aren't lie detector type systems
only done voluntarily?

Related, the MRI lie detector:
[http://www.ncbi.nlm.nih.gov/pubmed/19092066](http://www.ncbi.nlm.nih.gov/pubmed/19092066)

~~~
snom380
I don't think governments that permit waterboarding of suspects will care
about that? Let alone criminal organizations.

------
trit
This is pretty common for how Emotiv presents itself. If you look through
their site and write ups about their Epoc headset, you'll find the same kind
of overhyped and misleading information.

It's cool that home BCI is so cheap now, I just wish they weren't trying to
captilize so heavily on it.

------
brisance
This is how it will go down. First, the government is going to own these
companies. Then they are going to declare the technology illegal to use in
private hands. Third, they will train operatives that can only be certified by
government agencies to use these devices.

~~~
snom380
Well mounting skimming hardware in ATMs is illegal as well, do you think that
will stop criminals from abusing this?

------
cmapes
Sensationalist title designed to gain unjustified views. Accurate title would
be "$200-$300 buys you an off the shelf polygraph test". Same principles, this
has been known as a "lie detector" test for years.. and it's defeatable..

~~~
PeterisP
It seems completely different than a lie detector. Classic polygraphs, in
essence, measure stress-responses. This measures [success of] pattern
recognition. You can't use it for many yes/no lie-detector questions, however,
it has a potential to be much more accurate (and less spoofable) for questions
like "Do you remember this face?" or "Have you seen 'ox9j$lkjew' before ? It's
a password to a child-porn site we found on your computer - wondering if you
have used it.."

------
lukasb
Assuming something like this actually works some day, I wonder if you could
avoid it by having your secret be something that can't be encoded visually -
eg haptic feedback/gesture rather than passwords.

------
donquichotte
Neat idea. The debit card pin bit does not seem feasible though, at least in a
brute force setting - finding out a 6 digit pin, showing each number for 1
second, takes > 11 days in the worst case.

~~~
ars
Don't most people have a 4 digit pin?

But in any case showing pins that way wouldn't work anyway - most people have
a muscle memory for their pins, but would not recognize them when written
down.

~~~
c-oreills
I recently got a new card and remembered the PIN spatially. After a few times
of typing it in I realised that, though I was typing the digits of the new
PIN, I was subvocalising the digits of my old PIN. It was a really odd
sensation.

Having said that, I would recognise both PINs as both a string of digits and
as a spatial sequence... so that would probably just be another attack vector.

~~~
Deestan
> I realised that, though I was typing the digits of the new PIN, I was
> subvocalising the digits of my old PIN.

I trained myself to do this on purpose; subvocalising a different number. If
I'm drugged out in a hospital bed and someone asks for my CC PIN, I want them
to get an incorrect number.

~~~
aa0
Well that took a turn... Do you also by chance drink poison every day to build
immunity for when that vicious lad taps your drink?

~~~
Deestan
Yes - If he tries to poison me with caffeine, I'm pretty safe.

I'm not _genuinely_ worried about being robbed of my PIN, though. I just found
the mental challenge interesting.

------
jokoon
If you're naive, that's a misleading article

------
pronoiac
I wonder what would happen if they tested them on, say, mathematicians or
engineers with a penchant for numbers.

~~~
c-oreills
Could work for our against them - what if they've all chosen the start of the
Fibonacci sequence as their PIN?

~~~
criswell
Dammit.

------
bobwaycott
I find it difficult to square a 10-40% chance of success with "fairly good
accuracy".

------
quantumpotato_
So the next wave of Wearable Computing will be exploited over the network..

------
Aardwolf
Summon the tinfoil hats!

~~~
aa0
I'm pretty sure schizophrenia or Parkinson's would be more effective. The
interrogators can just pull the hat off. What you want is brain "static"

~~~
Aardwolf
But that is when you are specifically interrogated and know that you are. With
the tinfoil hats I was referring to the ability of them to unknowingly do this
to you from a distance (which I guess may work at some point...).

------
conformal
if someone's brain is backdoored, does that mean they are likely to enjoy anal
sex?

------
hartator
Maybe we can sue God or something for misconception? I am waiting his HN post
where he will say, we have learnt something with 0-day and improved the
security of your brain. Maybe a sheep as the reward for the scientist! :)

