A team of researchers from the University of Oxford in Geneva and the University of California in Berkeley explained the process using an off-the-shelf Emotiv brain-computer interface that only cost a few hundred dollars.
Volunteers for the security experiment were asked to wear an Emotiv BCI head piece and sat in front of a computer screen that showed images of maps, banks and card PINS.
The researchers then tracked the P300 brain signal, which is given off when the brain registers meaningful stimuli.
The team found they could consistently reduce the random data in each variable by 15 to 40 per cent, a marked advantage over random guessing.
Subjects were essentially leaking valuable information through the BCI units, making it easier to calculate their address or bank account numbers.
"The simplicity of our experiments suggests the possibility of more sophisticated attacks," Discovery News quoted the team as saying in their paper.
"For example, an uninformed user could be easily engaged into 'mindgames' that camouflage the interrogation of the user and make them more cooperative. Furthermore, with the ever increasing quality of devices, success rates of attacks will likely improve," they added.
