Security researchers from the Universities of Oxford and Geneva, and the University of California, Berkeley created a custom program that was specially designed with the sole purpose of finding out sensitive data, such as the location of your home, your debit card PIN, which bank you use, and your date of birth. The researchers tried out their program on 28 participants (who were cooperative and didn’t know that they were being brain-hacked), and in general the experiments had a 10 to 40% chance of success of obtaining useful information.
To extract this information, the researchers rely on what’s known as the P300 response — a very specific brainwave pattern that occurs when you recognize something that is meaningful (a person’s face), or when you recognize something that fits your current task (a hammer in the shed). The researchers basically designed a program that flashes up pictures of maps, banks, and card PINs, and makes a note every time your brain experiences a P300. Afterwards, it’s easy to pore through the data and work out — with fairly good accuracy — where a person banks, where they live, and so on.
In a real-world scenario, the researchers foresee a game that is specially tailored by hackers to extract sensitive information from your brain — or perhaps an attack vector that also uses social engineering to lull you into a false sense of security. It’s harder to extract data from someone who knows they’re being attacked — as interrogators and torturers well know.