Researchers at the University of Alabama at Birmingham suggest that brainwave-sensing headsets, also known as EEG or electroencephalograph headsets, need better security after a study reveals hackers could guess a user’s passwords by monitoring their brainwaves.
EEG headsets are advertised as allowing users to use only their brains to control robotic toys and video games specifically developed to be played with an EEG headset. There are only a handful on the market, and they range in price from $150 to $800.
Nitesh Saxena, Ph.D., associate professor in the UAB College of Arts and SciencesDepartment of Computer and Information Sciences, and Ph.D. student Ajaya Neupane and former master’s student Md Lutfor Rahman, found that a person who paused a video game and logged into a bank account while wearing an EEG headset was at risk for having their passwords or other sensitive data stolen by a malicious software program.
“These emerging devices open immense opportunities for everyday users,” Saxena said. “However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology.”
Saxena and his team used one EEG headset currently available to consumers online and one clinical-grade headset used for scientific research to demonstrate how easily a malicious software program could passively eavesdrop on a user’s brainwaves. While typing, a user’s inputs correspond with their visual processing, as well as hand, eye and head muscle movements. All these movements are captured by EEG headsets. The team asked 12 people to type a series of randomly generated PINs and passwords into a text box as if they were logging into an online account while wearing an EEG headset, in order for the software to train itself on the user’s typing and the corresponding brainwave.
“In a real-world attack, a hacker could facilitate the training step required for the malicious program to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites,” Saxena said.
|“These emerging devices open immense opportunities for everyday users. However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology.”|
The team found that, after a user entered 200 characters, algorithms within the malicious software program could make educated guesses about new characters the user entered by monitoring the EEG data recorded. The algorithm was able to shorten the odds of a hacker’s guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increased the chance of guessing a six-letter password from about 500,000 to roughly one in 500.
EEG has been used in the medical field for more than half a century as a noninvasive method for recording electrical activity in the brain. Electrodes are placed on the surface of the scalp to detect brain waves. An EEG machine then amplifies the signals and records them in a wave pattern on graph paper or a computer. EEG can be combined with a brain-computer interface to allow a person to control external devices. This technology was once highly expensive and used mostly for scientific research, like the production of neuroprosthetic applications to help disabled patients control prosthetic limbs by thinking about the movements. However, it is now being marketed to consumers in the form of a wireless headset and is becoming popular in the gaming and entertainment industries.
“Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices,” Saxena said. “It is important to analyze the potential security and privacy risks associated with this emerging technology to raise users’ awareness of the risks and develop viable solutions to malicious attacks.”
One potential solution proposed by Saxena and his team is the insertion of noise anytime a user types a password or PIN while wearing an EEG headset.
The Latest on: Brain-computer interface technology
- Brain Computer Interface Market to See Huge Growth : Mind Technologies, Covidien, Compumedicson November 23, 2020 at 2:55 pm
Brain Computer Interface Comprehensive Study by Type (Invasive brain computer interface, Non Invasive brain computer interface, Partially Invasive brain computer interface, Others (EEG Based BCI and ...
- Austin writer Ernie Cline looks back to the future with ‘Ready Player Two’on November 23, 2020 at 8:28 am
Ready Player One” looked ahead to 2045, imagining an immersive virtual-reality world scaffolded with ’80s pop culture. The novel was a meteoric hit, catapulting Austin author Ernest Cline to the top ...
- Why furloughed engineers are at the forefront of innovationon November 21, 2020 at 3:59 am
Innovators are fuelling growth at precision component supplier Accu and Martin Ackroyd is playing the long game for their business loyalty, writes Lizzie Murphy.
- OpenBCI Unveils Galea, A New Platform that Brings Next Generation Biometrics to Mixed Realityon November 20, 2020 at 1:37 am
PRNewswire/ -- OpenBCI, a Brooklyn-based neurotechnology company today announced a new hardware and software platform called Galea, which combines mixed reality (XR) headsets with state-of-the-art ...
- Brain-computer Interface System Market is booming Globally with Top key players: Neuralink,OpenAI,OpenBCI,Advanced Brain Monitoringon November 18, 2020 at 10:08 pm
The Brain-computer Interface System analysis is provided for the international ... the emergence of innovative technology, or any new risks that are looming over the market. The report also discusses ...
- Hacking Humans: How Neuralink May Give AI The Keys To Our Brainson November 18, 2020 at 4:40 am
The consequences of high-level hacking today are severe, but we've never before had computers linked to our brains.
- Cybathlon tournament showcases life-changing tech for people with disabilitieson November 18, 2020 at 1:24 am
Cybathlon is a global competition that brings together people with physical disabilities to compete in everyday tasks, using state-of-the-art assistance technologies.
- Army-funded algorithm decodes brain signals responsible for behaviors like walking and breathingon November 17, 2020 at 8:52 am
The US Army is funding a project that could lead to brain-machine interfaces. It includes an algorithm capable of isolating brain signals and linking them to specific behaviors such as walking and ...
- Brain Computer Interface + Hologram AR Concept Companies Like WIMI Are Growing Rapidlyon November 13, 2020 at 3:15 am
Mobius Trend releases a research report "Brain Computer Interface + Hologram AR Concept Companies Like WIMI Are Growing Rapidly". The share price of WIMI soared at the beginning of October. Some belie ...
- Brain-computer interface technology debate can’t wait, say NCSU researcherson November 11, 2020 at 2:49 am
RALEIGH - Brain-computer interface (BCI) technologies are no longer hypothetical, yet there are fundamental aspects of the technology that remain unaddressed by both ethicists and policy-makers. Two n ...
via Google News and Bing News