If you're already skeptical about brain-computer interface (BCI) technology, you'll probably laugh twice as hard at the notion that hackers could potentially hack brainwave-scanning products like NeuroSky's or Mattel's game to steal your very thoughts.

And you'd be right to be so dubious, up to a point. Yes, true mind-reading is still the stuff of science fiction. But BCI really does work in its limited capacity. And now an international team of researchers says it's shown that captured electro-encephalography (EEG) signals from common consumer BCI devices can be mined to significantly increase the odds of guessing a user's private information.

In a recently published study, researchers from Oxford University, UC Berkeley, and the University of Geneva report having better success at gleaning BCI device users' bank card information, PIN numbers, area of living, and other private info than by simply guessing randomly.

It's not mind-reading, but the scientists say they've shown "that the entropy of the private information is decreased on the average by approximately 15 to 40 percent compared to random guessing attacks."

That's obviously not an insignificant edge and one that might worry owners of popular BCI devices used for gaming, entertainment, relaxation, or wiggling prosthetic cat ears. Particularly since the researchers say nobody's really even thought to try to secure the EEG signals propagated by such gadgets.

How could a BCI device user have his or her brain hacked? The team posits that "by manipulating the visual stimuli presented on screen [to a BCI device user] and by analyzing the corresponding responses in the EEG signal" a malicious individual could significantly increase the odds of figuring out the user's private information.

Kitting out subjects with an Emotiv EPOC device, the team flashed on-screen images of things like maps, an ATM machine, and a bank card at them to try to flush out brainwave activity that might offer hints to a person's PIN number, geolocation, and where they bank. Some experiments utilized passive methods while others involved directly asking a subject what month they were born, for example.

After crunching the EEG numbers they got back through their algorithms, the researchers report that experiments designed to mine PIN numbers produced correct first guesses 20 percent of the time, tests designed to determine a subject's location had a 30 percent success rate, and tests for identifying users' month of birth had a very impressive 60 percent success rate.
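To make the two figures quoted above comparable (a first-guess hit rate and an entropy reduction "compared to random guessing"), here is an added example, not the researchers' code, that measures both from the position at which the true answer appears in a ranked guess list. The trial data is constructed, and computing empirical Shannon entropy over those rank positions is an assumption about how such leakage can be quantified, not a description of the study's method.

```python
import math
from collections import Counter


def shannon_entropy(probs):
    """Shannon entropy in bits of a discrete distribution."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def leakage_report(ranks, n_candidates):
    """Summarise how much a ranked-guess side channel leaks.

    ranks: for each trial, the 1-based position of the true answer in the
           guess list sorted by the classifier's score (hypothetical input).
    n_candidates: size of the secret space (e.g. 12 for birth month).
    """
    if not ranks or any(not 1 <= r <= n_candidates for r in ranks):
        raise ValueError("ranks must be non-empty and within 1..n_candidates")
    counts = Counter(ranks)
    total = len(ranks)
    # Empirical probability that the true answer sits at each rank position.
    probs = [counts.get(r, 0) / total for r in range(1, n_candidates + 1)]
    baseline_bits = math.log2(n_candidates)  # blind guessing: uniform ranks
    observed_bits = shannon_entropy(probs)
    return {
        "first_guess_rate": probs[0],
        "expected_guesses": sum(r * p for r, p in enumerate(probs, start=1)),
        "random_expected_guesses": (n_candidates + 1) / 2,
        "entropy_bits": observed_bits,
        "baseline_bits": baseline_bits,
        # Relative reduction versus random guessing; 0.0 means no leakage.
        "entropy_reduction": 1 - observed_bits / baseline_bits,
    }


# Constructed sample: 10 birth-month trials (12 candidates). These ranks are
# invented for illustration and are not data from the study.
SAMPLE_RANKS = [1, 1, 1, 1, 1, 1, 2, 3, 5, 8]

if __name__ == "__main__":
    for key, value in leakage_report(SAMPLE_RANKS, 12).items():
        print(f"{key}: {value:.3f}")
```

With only a handful of trials the empirical entropy is biased low, so a real evaluation needs many trials per secret before the reduction figure means much.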