Hackers show how to build and beat a lie detector

Hackers at the Defcon security conference in Las Vegas showed they could build a lie detector and beat it.

In the presentation, hackers who went by the handles Rain (above) and Urban Monkey (below) said they built a lie detector based on a pre-existing design that cost about $50.

The talk is typical of the somewhat alarming sessions at the Defcon hacker conference in Las Vegas. Black Hat and Defcon are sister conferences. While Black Hat is more corporate, Defcon is the Wild West. You can pay for your Black Hat badge with a credit card; at Defcon, attendees pay with cash. Photos of the crowd are not allowed. Federal officers attend the show and have to endure “spot the fed” contests. The environment is meant to welcome those hackers who are on the gray side of the law, and it is considerably downscale from Black Hat. (See our roundup of all Black Hat and Defcon stories).

The modern polygraph was developed in the 1920s and then moved into the private sector in the 1930s. They slowly spread through police departments during the latter decades. The use spread in the McCarthy era in the 1950s and continued during the Cold War. In the 1980s, lie detectors became inadmissible in court in some jurisdictions due to abuses and numerous challenges to accuracy. The private sector continued to use lie detectors, and after 9/11, the use of polygraphs began to rise.

Previous hackers (dubbed Neuronumerous) built $50 lie detectors that measured breathing and heart rates. The device measures galvanic skin resistance, which measures sweat. It used an Atmel microcontroller as its brains. It used the Maven 2.2.1 build system and the Java programming language. Source code is at this site. Some 16 people contributed to the work. The testing environment was modeled as closely on industry standards as possible. That means keeping as few people in the room as possible, and controlling the room temperature.

They had subjects deliberately lie to an examiner, saying they had not chosen a certain number between one and ten when in fact they had done so. Then they had them tell the truth. That established the biometrics for someone lying and someone telling the truth. Then they had the subjects use countermeasures to try to fool the machine. These included things like biting their tongues and flexing their anal spincter muscles — things that could change both breathing, sweat and heart rates. Their results showed they could alter the results of the test by altering their bodily reactions during tests.

They argued that over time, anyone could be trained to beat a biofeedback device.