BSides Perth 2023 – Authenticating using only your mind

This Post links to a talk I gave at BSides Perth in 2023. The talk aimed to answer the question:

“Can I log into my PC using only my mind?”

The answer turned out to be a happy “Damn right I can!” and thus my talk was born. This project leaned heavily on:

  • An Emotiv Epoc X
  • The torturing of the PAM-Python module (not to be confused with Python-PAM which is a demonically inspired nightmare.)
  • An understanding of PAM modules and the Open Sound Control subsystem
  • Hours of Model training
  • Blind dumb luck

The main goal of the project was to use the Epoc headset, trained in a memory of my 11th birthday to interact with a linux box via the OSC interface, and from there with PAM-Python to provide a valid authentication event into PAM that can be utilised by any PAM integrated sub-system (Gnome/Unity desktop login, SUDO, SU etc)

The result was an inelegant proof of concept (pardon the pun) system that was sucesfully leveraged to log into my desktop and sudo to a root shell in front of a live studio audience of 350+ Security professionals.

If you’re familiar with my demos then you’ll know that my live demos are proportionally successful in an inverse relationship with the number of people watching. But the demo gods smiled upon my preparation that day and.. well, watch the talk for yourself….