Hackers Extract Sensitive Data from Human Brain

In what might seem like a scene from a sci-fi movie, researchers at the Usenix Security Conference have demonstrated that it is possible to hack into the human brain to extract information.

The scientists made use of Brain-Computer Interfaces (BCIs), which are popularly used in the gaming and life-sciences industries. In the past few decades, BCIs have been used in medical domains to help simulate neuro activities for patients with neuromuscular disorders. There are even cheaper BCI headsets for gamers, which are less accurate versions of EEG (Electroencephalograph, or Brain Electrical Activity) devices, available on the market from Emotiv and NeuroSky for $200-$300.

Emotiv Brain Control

The attack relies on the P300 response, a specific brainwave pattern that the brain produces when it recognizes something meaningful or familiar: a face, the location of your home, your DOB, your card’s PIN, etc. The researchers developed a program that carried out a modified brute-force attack on the brain. This was done by flashing pictures of faces, banks, PINs, etc. while monitoring the subject’s brain activity for a P300 response.

P300 Response – Brain Hacking

The scientists tested their program on 28 participants, who obviously didn’t know that they were being subjected to brain-hacking software. In general, the experiments had a 10% to 40% chance of success in obtaining useful information.

Brain Hacking Accuracy Chart

The key ingredient in capturing such sensitive information is making sure that the subject remains unaware that they are being attacked. The P300 response is triggered subconsciously, so sensitive information can be captured with the help of social engineering techniques.

Imagine you’re using a BCI device to play a game designed specifically for this purpose, while hidden software in the game extracts sensitive information from your mind through the same BCI device. This is the real-life scenario the scientists have in mind.

Your darkest secrets and deepest fears would be accessible to hackers in the near future.

Research paper: On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces

© 2012 Ajan Kancharla

Un-Encrypted Company Laptops

Over the past few weeks, I’ve come across various cases where there was a data breach due to a stolen laptop or a misplaced portable drive. There are cases where a company entrusts a laptop to its employee(s) and expects the data to be safe without attempting to provide any sort of data encryption for the laptop or the sensitive data within it.

Let’s take health care as an example. A patient’s data would usually contain the following:

  • Govt. IDs like SSN, Driving Licence, Voter’s ID, etc.
  • DOB
  • Health Ailments
  • Address
  • Card Details

The above are just a few that I can think of in less than a minute. A hospital or a health care system would obviously hold more than that, in addition to the kind of medicines the patient has been taking and their known side effects.

A software company would have information on the kind of tools that its employees use, the type of data or clients they deal with, and more.

There are many programs on the market that help protect our data from hostile eyes by encrypting it. Windows 7 comes with BitLocker, a tool that lets us encrypt the entire hard disk. BitLocker is only available in the Ultimate or Business versions; if your Windows 7 OS is neither, you may try TrueCrypt. It’s open source and helps encrypt your entire hard drive, a portion of the hard drive, or an external drive. Mac OS X has FileVault for the same purpose, although it encrypts only the Mac’s Home Folder. The new version of Mac OS X, Lion, would contain FileVault 2, which would be able to encrypt the entire hard drive. If you’re willing to spend more, companies like Imation and Origin provide portable drives with built-in 256-bit AES encryption.
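Issuing an encryption tool is only useful if someone checks that each laptop is actually protected. The Python script below is an added example, not part of the original post: it parses text modelled on the output of the Windows `manage-bde -status` command and flags volumes that are unencrypted, or encrypted with BitLocker protection switched off. The sample output is constructed, and the function names are illustrative assumptions.

```python
import re

# Constructed sample modelled on `manage-bde -status`, trimmed to the fields used.
SAMPLE_STATUS = """\
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Protection Status:    Protection Off

Volume E: [Backup]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection Off
"""

VOLUME_RE = re.compile(r"^Volume ([A-Z]:)", re.MULTILINE)
FIELD_RE = re.compile(r"^[ \t]+([A-Za-z ]+):[ \t]+(.+?)[ \t]*$", re.MULTILINE)


def parse_volumes(text):
    """Return {drive letter: {field name: value}} for each volume block."""
    # re.split with one capture group yields [preamble, drive, body, drive, body, ...]
    parts = VOLUME_RE.split(text)
    return {drive: dict(FIELD_RE.findall(body))
            for drive, body in zip(parts[1::2], parts[2::2])}


def audit(text):
    """Return {drive letter: finding} for volumes not protected at rest."""
    findings = {}
    for drive, fields in parse_volumes(text).items():
        if fields.get("Conversion Status") != "Fully Encrypted":
            findings[drive] = "not fully encrypted"
        elif fields.get("Protection Status") != "Protection On":
            # Encrypted but suspended: the key is readable without a protector.
            findings[drive] = "encrypted but protection is off"
    return findings
```

Calling `audit(SAMPLE_STATUS)` reports D: and E: and leaves C: out; the E: case is the one a simple "is it encrypted?" check would miss.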
