A brain machine interface (BMI) is an electrical device that can be used for recording neuronal information or signals from the brain. These devices come in three types: invasive, semi-invasive, and non-invasive. Non-invasive BMI devices record neural signals from the surface of the scalp, such as electroencephalograms (EEG). Semi-invasive BMI devices record from just underneath the scalp (ECoG), and do not penetrate the brain. Invasive BMI, such as an implanted microelectrode array and electrode dust, penetrate the brain and record signals directly from neurons. Their purpose? To attempt to communicate directly with your brain. Although BMIs provide for many benefits, such as allowing patients with locked-in syndrome to communicate with the world or quadriplegics the ability to interact with the world, people have to understand communication happens in both directions. It serves as an output device, however, as in the use case for robotic control, it can serve as a receiver. If put in the wrong hands, others can manipulate the very organ that makes you, you. Is control of your mind a reasonable outcome to protect against? No group in our society is more equipped to answer this question, more able to understand this technology, more qualified to call BS, and more poised to protect us from this unprecedented privacy intrusion than hackers. We will also be the group poised and able to find bugs in the OS, demonstrate how these devices can be hacked, repurpose them to show how they may do the unexpected, and - perhaps most importantly - engineer and integrate controls and limits, discover critical security vulnerabilities, and make them clear to the public. The only safety we and the public have between us and corporate/government misuse of these devices is the curious, tenacious, independent, outspoken, and resourceful hacker. This talk will discuss technical issues in the design of a BMI - how are multiple signal channels read, how is noise in the system dealt with, how signaling to and from neurons ("neural code") is understood, how security is currently implemented (clue: it's not), and what the implications of this technology are (clues: far-reaching, invasive, privacy-destroying).