Rina Steenkamp - Privacy and technology
An article by Michael Birnhack.
From the Abstract:
"Is technology-neutral legislation possible? Technological neutrality in legislation is often praised for its flexibility and ability to apply to future technologies. Yet, time and again we realize that even if the law did not name any technology, it was nevertheless based on an image of a particular technology. When new technologies appear, they expose the underlying technological mindset of the existing law. This article suggests that we read technology-related laws so to uncover their hidden technological mindset so that we can better understand the law and prepare for the future."
Michael Birnhack: Reverse engineering informational privacy law (SSRN)
Concurring Opinions: On reverse engineering privacy law (2012/09/18)
An article by Maja van der Velden and Khaled El Emam.
From the Abstract:
"Most teenage patients do not disclose their personal health information on social media, even though the study found a pervasive use of Facebook. Facebook is a place to be a "regular", rather than a sick teenager. It is a place where teenage patients stay up-to-date about their social life - it is not seen as a place to discuss their diagnosis and treatment."
Maja van der Velden and Khaled El Emam: "Not all my friends need to know" - a qualitative study of teenage patients, privacy and social media (full text in various formats linked from this page)
PHIprivacy.net: Study reveals teenage patients' attitude towards social media and privacy (2012/09/20)
A half-yearly report by G Data.
From 'Online banking':
"Earlier attack schemes [...] ended with the transfer of money from the customer to the attacker. No attempts were made to disguise the theft. Attentive customers could thus notice immediately that money was missing from their accounts. Since banks increasingly withhold suspicious transfers for a time, customers were able to stop the actual transfer if they promptly notified their bank. However, newer methods are more sophisticated: In so-called Automatic Transfer System (ATS) schemes, the entire theft takes place without customer interaction. Account balances and lists of transactions are also manipulated in such a way that the victim does not notice the theft."
G Data: Malware report - January - June 2012 (PDF)
Security.nl: 99,8% malware besmet Windows-computers (2012/09/19)
WebWereld: 99,8 procent malware zit op Windows (2012/09/20)
Special Eurobarometer 382, by TNS Opinion and Social.
From the Introduction:
"Robotics is a key technology for Europe's future competitiveness. Robots enable efficiency in all manufacturing and production sectors and contribute to employment in the European Union. Public perceptions of robots, are however, often influenced by misconceptions and fears. In order to improve the image of robots and to increase public acceptance, it is necessary to better understand public opinion about this technology."
TNS Opinion and Social: Public attitudes towards robots (PDF)
EUROPA: Digital Agenda - Europeans welcome use of robots in an increasingly complex world (2012/09/14)
WebWereld: Kroes investeert miljoenen in Europese robotica (2012/09/19)
AG: EU - 'Roboticavoorsprong verder uitbouwen' (2012/09/20)
A paper by Omer Tene and Jules Polonetsky.
From the Abstract:
"We live in an age of 'big data'. Data have become the raw material of production, a new source for immense economic and social value. Advances in data mining and analytics and the massive increase in computing power and data storage capacity have expanded by orders of magnitude the scope of information available for businesses and government. Data are now available for analysis in raw form, escaping the confines of structured databases and enhancing researchers’ abilities to identify correlations and conceive of new, unanticipated uses for existing information. In addition, the increasing number of people, devices, and sensors that are now connected by digital networks has revolutionized the ability to generate, communicate, share, and access data. Data creates enormous value for the world economy, driving innovation, productivity, efficiency and growth. At the same time, the 'data deluge' presents privacy concerns which could stir a regulatory backlash dampening the data economy and stifling innovation. In order to craft a balance between beneficial uses of data and in individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of 'personally identifiable information', the role of individual control, and the principles of data minimization and purpose limitation."
Omer Tene and Jules Polonetsky: Big data for all - privacy and user control in the age of analytics (SSRN)
Concurring Opinions: Big data for all (2012/09/20)
A paper by Symantec.
Overview:
"W32.Flamer is a sophisticated cyber espionage tool that targeted the Middle East. It is modular in design and contains some novel functionality, most notably its ability to spread across networks using a previously unknown man-in-the-middle attack against Windows Update. Symantec has performed a detailed forensic analysis of two of the command-and-control (C&C) servers used in the W32.Flamer attacks from earlier this year. Based on our analysis, we were able to uncover details such as when the servers were operational, what entities were targeted, nicknames of those involved in the attack, and techniques used by the attackers to avoid discovery should the command-and-control server be compromised. Analysis of these C&C servers was performed as a joint effort between Symantec, CERT-Bund/BSI, IMPACT, and Kaspersky. This paper focuses on the detailed forensic examination Symantec carried out on the C&C server images."
Symantec: Have I got Newsforyou - Analysis of Flamer C&C server (PDF)
SecureList: Full analysis of Flame's Command & Control servers (2012/09/17)
Security.nl: Nederlandse organisaties slachtoffer Flame-virus (2012/09/17)
Tweakers.net: 'Flame-virus trof ook nederlandse computers' (2012/09/17)
WebWereld: Superspyware Flame klaar voor nieuw offensief (2012/09/17)
Wired Threat Level: Coders behind the Flame malware left incriminating clues on control servers (2012/09/17)
A paper by James Wyke.
From 'Introduction':
"ZeroAccess has been installed over 9 million times. Its current size is somewhere in the region of 1 million machines spread throughout the world, with the majority located in the U.S. We will explore the financial aspects of the botnet, examining how click fraud and Bitcoin mining can earn the botnet owners a potential $100,000 each day."
James Wyke: The ZeroAccess Botnet - Mining and fraud for massive financial gain (PDF linked from this page)
Naked Security: Over 9 million PCs infected - ZeroAccess botnet uncovered (2012/09/19)
Security.nl: Botnet van 9 miljoen Windows-computers ontdekt (2012/09/20)
WebWereld: Botnet delft stiekem Bitcoins voor beheerder (2012/09/20)
A report by Symantec.
From the Introduction:
"In this month's report we focus on data breaches — security incidents where user information becomes publically exposed or stolen. We compare what has happened in 2012 to a similar period in 2011, going back to the beginning of the Operation AntiSec campaign last year."
Symantec: Symantec intelligence report - August 2012 (PDF linked from this page)
AG: Nederland grootste doelwit phishing (2012/09/17)
Security.nl: Nederlanders vaakst aangevallen via e-mail (2012/09/14)
A report by Nathan Ducastel, Robbert Fisher, Daniel Gehrt, Theo Hooghiemstra, Luca Alessandro Remotti, Bas van Schoonhoven, Tijs van den Broek and Ron van Paassen.
From the Executive Summary:
"The present study has collected fact based evidence to support the impact assessment of the different policy options according to the real-life scenarios of regulation, deployment and use of eIDs and eAuthentication in cross-border public or eGovernment services in the European Union. The present report provides a comprehensive conceptual framework for eIDs and eAuthentication, and fact-based data and indications on each of [...] four eID options [...] The study provides a coherent analysis of regulatory, institutional, organisational and technological issues related to the development of interoperable cross-border eIDs. Furthermore, it considers the four options in terms of their potential impact on the development of the digital single market in general, and of their support to the cross-border access to public services. The different options are compared with the specific development goals of current policy initiatives."
Nathan Ducastel, Robbert Fisher, Daniel Gehrt, Theo Hooghiemstra, Luca Alessandro Remotti, Bas van Schoonhoven, Tijs van den Broek and Ron van Paassen: Study on impact assessment for legislation on mutual recognition and acceptance of e-Identification and e-Authentication across borders (PDF)
European Commission: Study on impact assessment for legislation on mutual recognition and acceptance of e-Identification and e-Authentication across borders (2012/09/10)
A Congressional Research Service report by Richard M. Thompson II.
From the Summary:
"Drones, or unmanned aerial vehicles (UAVs), are aircraft that can fly without an onboard human operator. [...] These unmanned aircraft are most commonly known for their operations overseas in tracking down and killing suspected members of Al Qaeda and related organizations. In addition to these missions abroad, drones are being considered for use in domestic surveillance operations, which might include in furtherance of homeland security, crime fighting, disaster relief, immigration control, and environmental monitoring. Although relatively few drones are currently flown over U.S. soil, the Federal Aviation Administration (FAA) predicts that 30,000 drones will fill the nation's skies in less than 20 years. Congress has played a large role in this expansion. In February 2012, Congress enacted the FAA Modernization and Reform Act (P.L. 112-95), which calls for the FAA to accelerate the integration of unmanned aircraft into the national airspace system by 2015. However, some Members of Congress and the public fear there are insufficient safeguards in place to ensure that drones are not used to spy on American citizens and unduly infringe upon their fundamental privacy."
Richard M. Thompson II: Drones in domestic surveillance operations - Fourth Amendment implications and legislative responses (PDF)
Epic.org: New CRS report finds few protections for drone surveillance (2012/09/07)
A paper by Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov and Ross Anderson.
From the Abstract:
"EMV, also known as 'Chip and PIN', is the leading system for card payments world-wide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. We have discovered that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this number. This exposes them to a 'pre-play' attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically (in the sense of extracting the key material and loading it into another card). Card cloning is the very type of fraud that EMV was supposed to prevent."
Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov and Ross Anderson: Chip and skim - cloning EMV cards with the pre-play attack (PDF)
Light Blue Touchpaper: Chip and skim - cloning EMV cards with the pre-play attack (2012/09/10)
Schneier on Security: New attack against chip-and-pin systems (2012/09/11)
Naked Security: A picked pocket in Mallorca reveals chink in chip-and-PIN security (2012/09/12)
AG: Pinpas met chip niet zo veilig als banken claimen (2012/09/13)
Security.nl: 'Nieuwe pinnen kwetsbaar voor skimmers' (2012/09/13)
WebWereld: Gat in het nieuwe pinnen verklaart spookopnames (2012/09/13)
WebWereld: Pinautomaten met EMV-gat (foto's) (2012/09/13)
WebWereld: Nieuw gat in het nieuwe pinnen bij toeval ontdekt (2012/09/13)
A forum guideline by the CA/Browser Forum.
2. Purpose:
"The primary goal of these Requirements is to enable efficient and secure electronic communication, while addressing user concerns about the trustworthiness of Certificates. The Requirements also serve to inform users and help them to make informed decisions when relying on Certificates."
CA/Browser Forum: Baseline requirements for the issuance and management of publicly-trusted certificates, v.1.0 (PDF)
Naked Security: Microsoft says "No!" to insecure certificate practices (2012/09/11)
Security.nl: SSL-verstrekkers geven onveilige certificaten uit (2012/09/11)
A paper by David C. Gray and Danielle Keats Citron.
From the Abstract:
"We are at the cusp of a historic shift in our conceptions of the Fourth Amendment driven by dramatic advances in technologies that continuously track and aggregate information about our daily activities. The Fourth Amendment tipping point was marked this term by United States v. Jones. There, law enforcement officers used a GPS device attached to Jones’s car to follow his movements for four weeks. Although Jones was resolved on narrow grounds, five justices signed concurring opinions defending a revolutionary proposition: that citizens have Fourth Amendment interests in substantial quantities of information about their public or shared activities, even if they lack a reasonable expectation of privacy in each of the constitutive particulars. This quantitative approach to the Fourth Amendment has since been the focus of considerable debate. Among the most compelling challenges are identifying its Fourth Amendment pedigree, describing a workable test for deciding how much information is enough to trigger Fourth Amendment interests, and explaining the doctrinal consequences. This Article takes up these challenges."
David C. Gray and Danielle Keats Citron: A technology-centered approach to quantitative privacy (SSRN)
Concurring Opinions: Biometric databases and quantitative privacy (2012/09/08)
A publication by the Information and Privacy Commissioner of Ontario.
From the introduction to the document:
"The practice of employers looking for background information about job candidates on social networking websites such as Facebook has grown dramatically. These sites, along with search engines, are now being used as a business tool by human resources departments to perform background checks on potential employees. Users of Facebook and other such sites should post information with their eyes wide open - considering the risks to their employment prospects, current and future. This paper provides important information and suggests ways of mitigating and minimizing such risks."
Information and Privacy Commissioner of Ontario: Reference check - is your boss watching? (PDF)
PrivacyLives: Ontario Privacy Commissioner - The new world of social media - Privacy and your Facebook profile (2012/09/12)
An article by Julie E. Cohen.
From the introduction to the article:
"Everything we know about creativity suggests that copyright plays very little role in motivating creative work. In the contemporary information society, the purpose of copyright is to enable the provision of capital and organization so that creative work may be exploited. This reframing has [...] important consequences for debates about copyright law and policy."
Julie E. Cohen: Copyright as property in the post-industrial economy - a research agenda (PDF)
Concurring Opinions: Fair culture and cultural welfare (2012/09/13)
Guidelines by the FTC.
From the document:
"Congratulations! The app business is burgeoning and you've decided to get in on the boom. Maybe you work for an exciting start-up or are striking out on your own. Regardless of the size of your business, the Federal Trade Commission (FTC) — the nation's consumer protection agency — has guidelines to help you comply with truth-in-advertising standards and basic privacy principles."
FTC: Marketing your mobile app - get it right from the start (PDF linked from this page)
MediaPost: Smartphone owners clear search history, shed apps, to protect privacy (2012/09/05)
A report by McAfee.
From the introduction to the report:
"Looking at the second quarter of 2012, the key things that stood out were the emergence of mobile (Android) 'drive-by downloads' as a new attack vector, the use of Twitter for control of mobile botnets, and the appearance of mobile 'ransomware' as the newest way of extracting funds from unsuspecting victims. Much of the growth and rebound in malware and threats we saw last quarter has continued strongly. Last quarter PC malware had its busiest period in recent history, but this quarter has been even busier. We saw significant growth in established rootkits but a slowdown in others. Almost all of the families of malware we examine continue to reach new levels, with activity among password-stealing Trojans particularly strong. We continue our breakouts of the rootkit ZeroAccess, which has declined a bit, and signed malware, which increased slightly. There was also steady, continued growth in malware targeting the Mac. It’s not extreme, but the trend is upward nonetheless."
McAfee: McAfee threats report - Second quarter 2012 (PDF)
Security.nl: 'Nederland broeinest besmette websites' (12/09/04)
Tweakers.net: 'Driekwart besmette Europese hostingservers staat in Nederland' (12/09/04)
WebWereld: Nederland is broeinest van besmette sites (12/09/04)
A Pew Internet survey by Jan Lauren Boyles, Aaron Smith and Mary Madden.
From 'Key findings':
"Taken together, 57% of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons."
Jan Lauren Boyles, Aaron Smith and Mary Madden: Privacy and data management on mobile devices (PDF linked from this page)
Epic.org: Pew survey finds most mobile users avoid apps due to privacy concerns (2012/09/05)
Security.nl: 50% smartphone-gebruikers wist surfgeschiedenis (2012/09/06)
A paper by Daniel C. Barth-Jones.
From the Abstract:
"The 1997 re-identification of Massachusetts Governor William Weld's medical data within an insurance data set which had been stripped of direct identifiers has had a profound impact on the development of de-identification provisions within the 2003 Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Weld's re-identification, purportedly achieved through the use of a voter registration list from Cambridge, MA is frequently cited as an example that computer scientists can re-identify individuals within de-identified data with “astonishing ease”. However, a careful re-examination of the population demographics in Cambridge indicates that Weld was most likely re-identifiable only because he was a public figure who experienced a highly publicized hospitalization rather than there being any certainty underlying his re-identification using the Cambridge voter data, which had missing data for a large proportion of the population."
Daniel C. Barth-Jones: The 're-identification' of governor William Weld's medical information - a critical re-examination of health data identification risks and privacy protections, then and now (SSRN)
Concurring Opinions: Re-identification risks and myths, superusers and super stories (part 1 - risks and myths) (2012/09/06)
A paper by Chris Jay Hoofnagle, Ashkan Soltani, Nathan Good, Dietrich James Wambach and Mika Ayenson.
From the Abstract:
"In 2009 and 2011, we surveyed top websites to determine how they were tracking consumers. We found that advertisers were using persistent tracking technologies that were relatively unknown to consumers. Two years later, we found that the number of tracking cookies expanded dramatically and that advertisers had developed new, previously unobserved tracking mechanisms that users cannot avoid even with the strongest privacy settings. These empirical observations are valuable for the political debate surrounding online privacy because they inform the framing and assumptions surrounding the merits of privacy law. Our work demonstrates that advertisers use new, relatively unknown technologies to track people, specifically because consumers have not heard of these techniques. Furthermore, these technologies obviate choice mechanisms that consumers exercise. We argue that the combination of disguised tracking technologies, choice-invalidating techniques, and models to trick the consumers into revealing data suggests that advertisers do not see individuals as autonomous beings. Once conceived of as objects, preferences no longer matter and can be routed around with tricks and technology."
Chris Jay Hoofnagle, Ashkan Soltani, Nathan Good, Dietrich James Wambach and Mika Ayenson: Behavioral advertising - the offer you cannot refuse (SSRN)
TLF: The ACLU vs. itself on user empowerment for online safety & privacy (12/08/30)
WebWereld: Sites omzeilen steeds vaker cookieblokkades (12/08/31)
A report by F-Secure.
From the 'Executive summary':
"One of the most pervasive trends we saw in the computer threat landscape in the first half of 2012 was the expanding usage of vulnerability exploitation for malware distribution. This phenomenon is directly tied to the recent improvement in exploit kits - toolkits that allow malware operators to automatically exploit code. [...] Like software developers in any other field, the authors of these exploit kits have been steadily improving their products and product support. The result of their efforts is a tool that greatly simplifies vulnerability exploitation, giving even technically unskilled users the ability to attack multiple vulnerabilities with little effort."
F-Secure: Threat report - H1 2012 (PDF)
Security.nl: ABN AMRO en Rabobank favoriete doelwit malware (12/08/21)
Security.nl: 'Nederlanders downloaden vaak besmette apps' (12/08/21)
A survey by the Future of Privacy Forum.
From the introduction to the document:
"This document has been assembled to provide an overview of some efforts to date to develop guidelines that contribute to transparency. There is a good deal of work to be done; nonetheless, this document seeks to be a helpful addition to the discussion by highlighting and bringing to the table some of the work previously done by some participants."
Future of Privacy Forum: Transparency - A brief Future of Privacy Forum survey of mobile application best practices (PDF)
FPF: A brief Future of Privacy Forum survey of mobile application best practices (12/08/21)
A report by the British Retail Consortium (BRC).
From 'Overview':
"Findings from the first e-crime study undertaken by the British Retail Consortium (BRC) are based on responses to a quantitative survey conducted between April and May 2012. The survey was conducted online and supplemented with a series of follow-up qualitative interviews. Respondents were members of the BRC drawn from a selection of key retailing types including supermarkets, department stores, fashion, health and beauty and mixed retail. Taken together, the retailers questioned constitute around 45 per cent of the UK retail sector by turnover."
British Retail Consortium (BRC): Counting the cost of e-crime - Executive summary (PDF)
When IT Meets Politics: Business rejected by e-security costs more than e-crime (12/08/22)
Out-law.com: E-crime "biggest emerging threat" to retailers as figures show GBP205m cost last year (12/08/23)
A blog post by 'm3g9tr0n'.
From the introduction to the post:
"This is the story about how I cracked 122 million password hashes with John the Ripper and oclHashcat-plus."
'm3g9tr0n': Cracking story - How I cracked over 122 million SHA1 and MD5 hashed passwords (posted on Thireus.com)
Security.nl: Hoe je 122 miljoen wachtwoord-hashes kraakt (12/08/30)
A paper by Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros and Dawn Song.
From the Abstract:
"The security risks involved in using consumer-grade BCI devices have never been studied and the impact of malicious software with access to the device is unexplored. We take a first step in studying the security implications of such devices and demonstrate that this upcoming technology could be turned against users to reveal their private and secret information. We use inexpensive electroencephalography (EEG) based BCI devices to test the feasibility of simple, yet effective, attacks. The captured EEG signal could reveal the user's private information about, e.g., bank cards, PIN numbers, area of living, the knowledge of the known persons."
Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros and Dawn Song: On the feasibility of side-channel attacks with brain-computer interfaces (Scribd)
Wired Threat Level: Researchers hack brainwaves to reveal PIN numbers, other personal data (12/08/29)
WebWereld: Onderzoekers stelen pincodes uit hersengolven (12/08/31)