If you use the internet, then you no doubt noticed the story about how the human brain is not immune to hackers. Ivan Martinovic, University of Oxford; Doug Davies, Mario Frank, and Daniele Perito, University of California, Berkeley; Tomas Ros, University of Geneva; Dawn Song, University of California, Berkeley have teamed up to create a presentation for the 21st USENIX Security Symposium titled, On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces.
According to their abstract,
Brain computer interfaces (BCI) are becoming increasingly popular in the gaming and entertainment industries. Consumer-grade BCI devices are available for a few hundred dollars and are used in a variety of applications, such as video games, hands-free keyboards, or as an assistant in relaxation training. There are application stores similar to the ones used for smart phones, where application developers have access to an API to collect data from the BCI devices.
The security risks involved in using consumer-grade BCI devices have never been studied and the impact of malicious software with access to the device is unexplored. We take a first step in studying the security implications of such devices and demonstrate that this upcoming technology could be turned against users to reveal their private and secret information. We use inexpensive electroencephalography (EEG) based BCI devices to test the feasibility of simple, yet effective, attacks. The captured EEG signal could reveal the user’s private informa- tion about, e.g., bank cards, PIN numbers, area of living, the knowledge of the known persons. This is the first attempt to study the security implications of consumer-grade BCI devices. We show that the entropy of the private information is decreased on the average by approximately 15 % – 40 % compared to random guessing attacks.
Their excellent publication outlines the process by which they develop their model and clearly presents the results. Bottom-line, Martinovic, along with researchers from California and Switzerland, developed a program that interfaces with an electroencephalograph (EEG) device identical to the ones that are marketed for gaming and entertainment, but instead of controlling a character on a screen, participants’ brain wave activity was imaged and analyzed as they were shown pictures of numbers, names, logos and people.
Researchers looked for what’s called a P300 response, a very distinct brain wave pattern that occurs when one relates to or recognizes something. It would occur, for instance, if you were to look at a picture of your mother, or see your Social Security number written out. While this technology doesn’t allow someone else to actively go in and search around in our brains, it’s definitely a step in that direction, but for this method to yield any valuable information, many conditions need to be exactly right. If the subject in question knew the hacker’s motives, were suspicious, scared or simply chose to not think about the subject at hand, gleaning anything useful from the brain wave data would be difficult, if not impossible. The technology is definitely not a brute-force method of extracting information, but could be a useful tool in the hands of a great social engineer.
The authors made their presentation specific to the USENIX Conference, but I believe that their conclusion points to something that may be quite helpful in advertising:
The broad field of possible applications and the technological progress of EEG-based BCI devices indicate that their pervasiveness in our everyday lives will increase. In this paper, we focus on the possibility of turning this technology against the privacy of its users. We believe that this is an important first step in understanding the security and privacy implications of this technology. In this paper, we designed and carried out a number of experiments which show the feasibility of using a cheap consumer-level BCI gaming device to partially reveal private and secret information of the users. In these experiments, a user takes part in classification tasks made of different images (i.e., stimuli). By analyzing the captured EEG signal, we were able to detect which of the presented stimuli are related to the user’s private or secret information, like information related to credit cards, PIN numbers, the persons known to the user, or the user’s area of residence, etc.
The experiments demonstrate that the information leakage from the user, measured by the information entropy is 10 %-20% of the overall information, which can increase up to 43 %. The simplicity of our experiments suggests the possibility of more sophisticated attacks. For example, an uninformed user could be easily engaged into “mindgames” that camouflage the interrogation of the user and make them more cooperative. Furthermore, with the ever increasing quality of devices, success rates of attacks will likely improve. Another crucial issue is that current APIs available to third-party developers offer full access to the raw EEG signal. This cannot be easily avoided, since the complex EEG signal processing is outsourced to the application. Consequently, the development of new attacks can be achieved with relative ease and is only limited by the attacker’s own creativity.
I have written about this quite a bit in the past, but I believe that neuroscience has (and will to a greater extent in the future) an important place in advertising. What I took from the paper is that people respond to things they recognize. So, yes, using an EEG-based BCI device will help the CIA identify terrorists, but it also means that people “light up” when they recognize a logo. It seems obvious to me that additional research in this area continues to support the idea that integrated marketing – not just how to reach a consumer – but when – is key to sales success. I recently read that TV advertising is flat, but TV advertising, mixed with print, mobile and in-store can help trigger a recognition factor for a consumer. If you are trying to sell Tide, for example, when that consumer turns down the laundry aisle, recognition of the brand has a neurological impact.
From a functional perspective, this concept makes it clear that it is vital to carry brand elements through advertising channels. In other words, (keeping Tide as an example), make sure that the Tide logo is on TV long enough to make an impact; make sure the flyer at the store has the Tide logo; make sure the mobile ad for shopper coupons shows the logo (not just kids wearing clean clothes); and make sure that any in-aisle advertising is using the logo. Every instance helps build recognition and that recognition creates an involuntary response in the brain.
The real challenge is getting the consumer to purchase, but getting this far with SCIENCE is at least half of the battle.
# # #
We build strategies and everything that goes with them.
Some of the largest organizations in the world, including many in the mortgage and finance industries, trust us with the most important aspects of their business. From defining clients’ brands and identities to developing ongoing campaigns in a variety of media, we provide the communications and measurement tools to move them forward. Applying our experience and dedication to the media and the message, bloomfield knoble handles every detail of our clients’ strategic marketing initiatives.