There’s nothing quite like the privacy of our own minds. It’s the most secure place we can ever go to, an intimate place where we can store our darkest secrets and safely think even the most unspeakable of thoughts. Of course, we don’t always like our thoughts – indeed, sometimes we’re even ashamed of them, yet there they persist, buried deep in our unconsciousness, never to be spoken…

It’s a worrying thought that someone could access your mind and know what you’re thinking – but luckily for you, no one will ever know what you really think about them, will they? Will they??

Well, get ready for some uncomfortable news, for your innermost thoughts may no longer be yours alone. Recently, researchers from the University of Oxford in Geneva demonstrated just how easy it is to hack a human brain and extract details such as your credit card PIN number straight from your head. Even worse, they did it with the aid of something as simple as a widely available Emotiv brain-computer interface that anyone can buy for just a few hundred dollars.

The Brain-Computer Interface Explained

Known as BCI controllers, these readily available devices were originally designed for computer interaction purposes, such as playing games. Basically it’s a kind of headset that taps into your brainwaves, and allows you to control what’s happening on-screen through a series of electrodes that collect your thoughts and translate them into data which can then be extracted via an API.

The device can’t read your thoughts as easily as all that, but it can distinguish between two different brain states – concentrating and relaxed. As well as being used by gamers, BCI’s are also used by doctors, to gather neurological data on conditions like epilepsy and sleep disorders.

Why You Should Be Worried

There’s one drawback to BCI’s that evil-doers can easily exploit – the devices can be used to zero-in on a specific signal coming from your brain, which scientists call “P300”. Your P300 signal will jump through the roof the moment you see something you recognize, for example a photo of your girlfriend/boyfriend, a quote from your favorite book, or your personal PIN number.

In their experiments, the researchers showed participants images of things they would recognize, such as their date of birth, pictures of famous people, and possible passwords or PIN numbers, whilst monitoring their P300.

Alarmingly, through careful monitoring the researchers found that they were able to correctly guess the first digit of a subject’s PIN number 20% of the time. In addition, they were also able to garner other details, such as someone’s birth month 60% of the time, their bank branch 30% of the time, and the region where they lived 30% of the time.

Now, this isn’t a spectacular success rate, but with a little more patience, more accurate results could well be produced. And as Ben Weitzenkorn of Security News Daily points out, “it’s much better than trying to simply guess a 16-digit credit card number or someone’s home address”.