This is an awfully contrived title for an article that could be summarized as "people can find out whether or not you recognize something shown to you by monitoring electrical activity along the scalp."
If you manage to hack out a list of all 4-digit numbers that you recognize, it's trivial to bruteforce which of those numbers are for your cards or for some other security PINs.
Also, it has other practical uses - think of it as a better-than-polygraph test for questions of type "have you seen this person" or "does this account-password belong to you".
These articles are funny, coming up with all the negative possibilities of future technology. Elysium (new movie) showed another one, allowing a full download of people's brains, also to ill effect.
I can't wait until this technology is improved, so I can "search" my own brain to find all the stuff I seem to forget. I'm sure it's locked in my unconscious somewhere...
>If you manage to hack out a list of all 4-digit numbers that you recognize, it's trivial to bruteforce which of those numbers are for your cards or for some other security PINs.
While correct, I think you're missing something huge.
I'm not sure how long it takes for your brain to recognize a 4-digit number as something you "know". Absolute fastest would be something around 32/second, as I believe that's about as fast as your brain can view an image (movie frame rate). However, I'm reasonably sure it's much slower than this, and we haven't even factored in how long it takes the computer hooked up to your brain to recognize a change. So for the purposes of this argument, I'm going to say about one PIN per second.
So, for a 4 digit PIN, you can spend 9999 seconds to "hack" the mark's brain, and then try all those combinations that showed a recognition pattern. Or you could just brute force all 9999 permutations, likely at a much faster than 1 per second, without needing physical access to the mark, and without all sorts of crazy hardware.
Now you just show your mark each symbol to check if it's a part of the password, which would drastically and usefully reduce your search space (unless it a password that uses almost all ASCII characters, but those are extremely rare...).
No, the proposed method can't check if it's a part of the password, it can check if it's a part of a password/something the person has ever known. All alphanumerics would be included naturally.
The reason for PIN's is that if your pin is '8243', then that number will provoke a "recognition" response much different than, say, '8244' which (to you) is just a random number with no specific associations.
I absolutely agree that the technology has plenty of use cases and that the paper the article's written about presents an interesting new perspective on security. I was, however, annoyed that the article's title and opening paragraphs seem to take something relatively elementary (it's a feasibility study!) and frame it as some sort of Inception-esque mind-hacking situation.
In other words: I agree about the value of the idea. I think, however, that there's a huge disconnect between the information and how it's being presented.
I completely agree here. Good information here, and lots of potential when you think about it could be applied with other machine learning algorithms that are currently being used with "real-time fMRI". Indeed, I don't think we're far off from reducing the gap between neuronal activity and behavioral patterns, but we need to keep in mind that the brain is incredibly complex, highly variable between individuals, and most of the time, presents quite a poor signal-to-noise ratio with the technology currently available.
Perhaps it's more practical and better with temporal resolution, but it depends on how concerned you are with spatial resolution too (which EEG is quite poor with).
That's the point of this article. The experiment routes around the lack of good spatial resolution in the data. It's like a much more sophisticated, much less easy to game polygraph.
a polygraph measures physiological responses which are related to the EEG spike, but are a less direct measurement. As a result the polygraph is much easier to mess with by playing around with your physical state. For example you can confuse the polygraph by doing things like clenching your toes and fingers, as well as performing other jedi mind tricks.
Well the SCIFI-future scenario is valid though. Imagine a world in which people use such devices regularly. It's not that hard to envision some social media application or game that can extract some information without you being aware of it.
Also, it has other practical uses - think of it as a better-than-polygraph test for questions of type "have you seen this person" or "does this account-password belong to you".