Hackers can steal PINs, passwords from your brainwaves

Hackers can steal PINs, passwords from your brainwaves
x
Highlights

Hackers can guess a user\'s passwords by monitoring their thoughts, according to scientists including those of Indian origin who suggest that brainwave-sensing headsets need better security. Electroencephalograph (EEG) headsets allow users to control robotic toys and video games with the mind.

Washington : Hackers can guess a user's passwords by monitoring their thoughts, according to scientists including those of Indian origin who suggest that brainwave-sensing headsets need better security. Electroencephalograph (EEG) headsets allow users to control robotic toys and video games with the mind.

Researchers at the University of Alabama at Birmingham in the US found that a person who paused a video game and logged into a bank account while wearing an EEG headset was at risk for having their passwords or other sensitive data stolen by a malicious software programme.

"These emerging devices open immense opportunities for everyday users," said Nitesh Saxena, associate professor from University of Alabama. "However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology," said Saxena.

The team, including PhD student Ajaya Neupane, used one EEG headset currently available to consumers online and one clinical-grade headset used for scientific research to demonstrate how easily a malicious software programme could passively eavesdrop on a user's brainwaves. While typing, a user's inputs correspond with their visual processing, as well as hand, eye and head muscle movements. All these movements are captured by EEG headsets.

The team asked 12 people to type a series of randomly generated PINs and passwords into a text box as if they were logging into an online account while wearing an EEG headset, in order for the software to train itself on the user's typing and the corresponding brainwave.

"In a real-world attack, a hacker could facilitate the training step required for the malicious programme to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites," Saxena said.

Show Full Article
Print Article
Next Story
More Stories
ADVERTISEMENT
ADVERTISEMENTS