Cybercriminals Could Soon Be Hacking Your Brainwaves


Headsets that monitor your brainwaves could allow hackers to empty your bank account, scientists fear.

High-tech helmets called electroencephalograms or EEGs are often used to diagnose epilepsy, but are beginning to appear on the toy and video game markets.

For just $130, you can buy devices that allow you to control robotic toys or play video games using only your mind.

But a study recently proved that hackers could guess a user’s passwords using these headsets to monitor victims’ brainwaves.

And now scientists are concerned that EEGs could be used in a similar way.

Nitesh Saxena, associate professor in the UAB College of Arts and Sciences, along with PhD student Ajaya Neupane and Doctor Lutfor Rahman, found that a person who paused a video game and logged into a bank account while wearing an EEG could have their passwords or personal information nabbed by malicious software.

“These emerging devices open immense opportunities for everyday users,” Saxena told

“However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology.”


The researchers used two headsets to test their hypothesis – one clinical grade and one which can be bought online.

Both headsets monitored visual processing as well as hand, eye, and head muscle movements to “learn” what numbers a person was thinking about.

They asked 23 people to type a series of randomly generated PINs and passwords into a text box as if they were logging into an online account while wearing the EEG.

Their password-nicking software quickly learned which number corresponded with a specific muscle movement or “brainwave.”

Hackers could exploit this, they claim, by getting someone playing a game using a headset to enter a set of numbers shown on screen after pausing for a break.

The hidden program would prompt an annoying CAPTCHA-style box in which users type a set of letters to prove “I’m not a robot” so it could figure out someone’s signature brainwaves.

The team found that after 200 characters, algorithms could make a decent guess about what the person was thinking.

This could shorten the odds of a hacker guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increase the chance of guessing a six-letter password from about one in 500,000 to roughly one in 500, the study found.

And while it might seem like a lot of effort, if hackers sent out this malicious code in batches and broke into a handful of people’s bank accounts, they could still make themselves plenty of money in a very short amount of time.

“Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices,” Saxena said.

“It is important to analyze the potential security and privacy risks associated with this emerging technology to raise users’ awareness of the risks and develop viable solutions to malicious attacks.”
