The world is becoming even more futuristic – and not necessarily in an entirely good way – with the recent developments in brain-computer interfaces (BCI). This technology involves using electrodes for a computer to read and interpret the electrical impulses generated by nerves firing. Ranging from electrodes actually implanted into the brain to simple skullcaps fitted with an array of attached electrodes, the potential uses are enormous.

Since research started in the 1970s, the propelling hope has been to use these signals to allow the paralyzed to move, the blind to see, the mute to speak, and the deaf to hear. And there have indeed been great strides made in all these areas.

BCI could be perhaps used to augment “normal” people’s senses, too, providing feedback for virtual reality games and scenarios, or by the military to empower mechanical exoskeletons to give soldiers super-strength or speed, or even maneuver aircraft by thought alone, faster than any motion produced by hands on controls could match.

But there may be much, much more BCI may do. Sophisticated brain scanning computers can already detect intentions before they manifest in action, but so far it’s been limited to experiments pushing buttons without any ethical considerations involved. However, it is possible that such technology could enable outright mind reading and lie detection. For just as scientists have learned how to detect immediate intent, so too have they found exactly where in the brain the “aha!” signal known as P300 is generated when a person recognizes something they have seen before.

It doesn’t take much imagination to see certain important forensic applications. If a person claims to have nothing to do with a certain crime, for instance, all it might take would be to wire him or her up before showing pictures of the scene, victims, or instruments to make sure. The person will no more be able to “unsee” things than they can eliminate their DNA.

But could such gizmos be used to actually extract more detailed information from a brain? And what of the security implications?

Like much modern technology, BCI has already escaped the lab even before being perfected. In October 2006, Dr. Geraint Rees of London has claimed the ability to read the mind, even tell the difference between conscious and unconscious thought through the use of functional MRI. By now in 2012, there are consumer-grade BCI devices being used in applications ranging from hands-free computer interfaces to gaming to biometric feedback. There are even online application markets and forums that promote programs to read data.

So recently, researchers from the universities of California at Berkley, Oxford, and Geneva joined together to study security risks and if and how malicious software could use BCI. What they found is scary: they reported that this technology could indeed be employed to extract personal and secret information.

Even worse, they found that even simple caps with electrodes could be used to gain surprisingly detailed information – such as guessing PIN numbers and passcodes – in very simple and effective ways. The initial success was not that great, the guesses being only 10-40% right, but the potential is certainly there.

However, the overall password security situation has been completely changed in recent days, due to the online dumping of huge amounts of actual passwords obtained by hackers. For instance, 1.5 million passwords were dumped online in an attack against online romance facilitators, eHarmony, free for analysis. With that, and numerous other hauls, hackers now have proven statistical methods to guide their attacks. They don’t have to try as blindly as before; but start with the obvious like “password” and “dragon” and go from there.

Researchers found that they could use a brute force approach, flashing images, pictures and numbers rapidly before the subject and wait for the “aha!” moments. Such attempts could easily be hidden in free online games, where a player could be happily playing with images onscreen with his or her mind with the BCI cap while being hacked – and the person would never even suspect it had happened! One can easily imagine how phishing attacks in such a situation might occur…

While theoretically, a person who is aware and suspicious, might be able to prevent the recognition reaction, such a person would likely never submit to BCI to begin with. Actual defenses or even ways to detect such attacks haven’t even begun to be developed. Yet, the technology is loose in the world, and BCI devices will become ever more common in the years to come.

Once again, the hackers have the initial advantage. And this time, the battleground really is in our minds.