Skip to content


The Unconscious Threat

Social Engineering is generally a practice that involves trying to manipulate conscious behavior. You can act like an authority, for example, by dropping names of importance or displaying something to suggest power and rank.

Act like you are carrying a heavy box and someone may feel like they should open the door for you. An article in Time suggests that this sort of manipulation can also occur at a much deeper level — Unconscious Will Sways Actions, Desires, Say Researchers:

There may be few things more fundamental to human identity than the belief that people are rational individuals whose behavior is determined by conscious choices. But recently psychologists have compiled an impressive body of research that shows how deeply our decisions and behavior are influenced by unconscious thought, and how greatly those thoughts are swayed by stimuli beyond our immediate comprehension.

This reminds me of the post I wrote some time ago on Risk Intuition and Helmets, where I suggested that feedback is a key factor in our decisions about risk. The engine, brakes and suspension give more feedback than a seatbelt or helmet. This says to me that those three things are more likely to be the reason drivers take risks and go at higher speeds, not because of a seatbelt or helmet. Note the findings reported in Time:

…people sitting in hard chairs are more likely to be more rigid in negotiating the sales price of a new car, they tend to judge others as more generous and caring after they hold a warm cup of coffee rather than a cold drink, and they evaluate job candidates as more serious when they review their résumés on a heavy clipboard rather than a light one.

Although it is tempting to think just about how we can modify behavior, the opposite approach is also interesting. How can we detect behavior that has been modified?

Consider the approach by WeCU Technologies, as reported in Fast Company.

1. WeCU’s system of sensors takes baseline measurements of the traveler’s heart rate, body temperature, and breathing rate.

2. The system then subjects the person to subtle stimuli. While WeCU is reluctant, for security reasons, to provide details, one prompt that it uses for demo purposes is a kiosk check-in screen that asks the traveler to “enter name,” but briefly flashes “enter real name.” According to WeCU CEO Ehud Givon, most travelers wouldn’t respond to the different prompts, but someone who is hiding a true identity would.

Eye movements are measured. Blood vessels are measured. It is all based on the idea that a trustworthy behavior baseline will be recorded on its first test and then threats can be detected by a secondary set of tests for unconscious behavior.

Posted in Security.


One Response

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Continuing the Discussion

  1. Tweets that mention The Unconscious Threat – flyingpenguin -- Topsy.com linked to this post on July 8, 2010

    […] This post was mentioned on Twitter by Roer.com – the Blog! and Cyber Informer, davi ottenheimer. davi ottenheimer said: The Unconscious Threat http://goo.gl/fb/IvwNq […]



Some HTML is OK

or, reply to this post via trackback.