Tiny noise, big mistakes: Adversarial perturbations induce errors in Brain-Computer Interface spellers
This work highlights a critical security vulnerability in assistive communication devices for severely disabled individuals, such as ALS patients, which had been largely overlooked previously.
This study demonstrated that EEG-based brain-computer interface spellers are highly vulnerable to adversarial perturbations, where tiny, imperceptible noise added to EEG signals can cause the spellers to output text chosen by an attacker, potentially leading to user frustration or clinical misdiagnosis.
An electroencephalogram (EEG) based brain-computer interface (BCI) speller allows a user to input text to a computer by thought. It is particularly useful to severely disabled individuals, e.g., amyotrophic lateral sclerosis patients, who have no other effective means of communication with another person or a computer. Most studies so far focused on making EEG-based BCI spellers faster and more reliable; however, few have considered their security. This study, for the first time, shows that P300 and steady-state visual evoked potential BCI spellers are very vulnerable, i.e., they can be severely attacked by adversarial perturbations, which are too tiny to be noticed when added to EEG signals, but can mislead the spellers to spell anything the attacker wants. The consequence could range from merely user frustration to severe misdiagnosis in clinical applications. We hope our research can attract more attention to the security of EEG-based BCI spellers, and more broadly, EEG-based BCIs, which has received little attention before.