TY - GEN
T1 - Using EEG-based BCI devices to subliminally probe for private information
AU - Frank, Mario
AU - Hwu, Tiffany
AU - Jain, Sakshi
AU - Knight, Robert T.
AU - Martinovic, Ivan
AU - Mittal, Prateek
AU - Perito, Daniele
AU - Sluganovic, Ivo
AU - Song, Dawn
N1 - Publisher Copyright:
© 2017 Copyright held by the owner/author(s). Publication rights licensed to Association for Computing Machinery.
PY - 2017/10/30
Y1 - 2017/10/30
N2 - EEG-based Brain-Computer-Interfaces are becoming available as consumer-grade devices, used in applications from gaming to learning programs with neuro-feedback loops. While enabling attractive applications, their proliferation introduces novel privacy concerns and security threats. One such example are attacks in which adversaries compromise EEG-based BCI devices and analyze the user's brain activity in order to infer private information such as their bank or area-of-living. In this paper, we propose and analyze a more serious threat-a subliminal attack in which, given that the visual probing lasts for less than 13.3 milliseconds, the existence of any stimulus is below ones cognitive perception. We show that even under such limitation, the attacker can still analyze subliminal brain activity in response to the rapid visual stimuli and consequently infer private information about the user. By running a proof-of-concept study with 27 participants, we experimentally evaluate the feasibility of subliminal attacks using EEG-based BCI devices. While not perfect, our results show that it is indeed feasible for attackers to subliminally learn probabilistic information about their victims.
AB - EEG-based Brain-Computer-Interfaces are becoming available as consumer-grade devices, used in applications from gaming to learning programs with neuro-feedback loops. While enabling attractive applications, their proliferation introduces novel privacy concerns and security threats. One such example are attacks in which adversaries compromise EEG-based BCI devices and analyze the user's brain activity in order to infer private information such as their bank or area-of-living. In this paper, we propose and analyze a more serious threat-a subliminal attack in which, given that the visual probing lasts for less than 13.3 milliseconds, the existence of any stimulus is below ones cognitive perception. We show that even under such limitation, the attacker can still analyze subliminal brain activity in response to the rapid visual stimuli and consequently infer private information about the user. By running a proof-of-concept study with 27 participants, we experimentally evaluate the feasibility of subliminal attacks using EEG-based BCI devices. While not perfect, our results show that it is indeed feasible for attackers to subliminally learn probabilistic information about their victims.
UR - http://www.scopus.com/inward/record.url?scp=85043400002&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85043400002&partnerID=8YFLogxK
U2 - 10.1145/3139550.3139559
DO - 10.1145/3139550.3139559
M3 - Conference contribution
AN - SCOPUS:85043400002
T3 - WPES 2017 - Proceedings of the 2017 Workshop on Privacy in the Electronic Society, co-located with CCS 2017
SP - 133
EP - 136
BT - WPES 2017 - Proceedings of the 2017 Workshop on Privacy in the Electronic Society, co-located with CCS 2017
PB - Association for Computing Machinery, Inc
T2 - 16th ACM Workshop on Privacy in the Electronic Society, WPES 2017
Y2 - 30 October 2017
ER -