(Credit: Emotiv Systems)
Theoretically, it could happen.
Ivan Martinovic of the University of Oxford and colleagues at the University of Geneva and University of California at Berkeley describe research into that question in a paper entitled "On the Feasibility of Side-Channel Attacks With Brain-Computer Interfaces" presented earlier this month at the 21st USENIX Security Symposium.
The research was inspired by the growing number of games and other mind apps available for low-cost consumer EEG devices such as Emotiv's EPOC headset, which lets users interact with computers using their thoughts alone.
Malicious developers could create a "brain spyware" app designed to trick users into thinking about sensitive information, which it would then steal.
The research focused on the P300 brain signal, often emitted when something meaningful is recognized. It has been considered in the design of recent lie detectors.