Electronic devices that harness the power of brain signals are one of the latest additions to the world of gaming. A new study has found, however, that hackers could also use such technology to access private information such as passwords and ATM PIN codes.
A team of investigators at the University of Alabama at Birmingham found that brainwave-sensing headsets, also called electroencephalograph (EEG) headsets, can aid in password theft.
These headsets are used as both medical devices and game controllers and are available in the price range of $150 to $800. According to Nitesh Saxena, Ph.D., associate professor in the UAB College of Arts and Sciences Department of Computer and Information Sciences, these devices open up a spectrum of opportunities for everyday users.
However, they can prove to be a security and privacy threat as companies work to come up with more advanced brain-computer interface technology with each passing day.
What are EEG Headsets?
EEG headphones are also known as the EPOC and are used widely in the medical field. These headsets work as a non-invasive technique for monitoring the brain waves of a person. The electrodes of these headphones are placed on the scalp of the individual to detect the brain waves. These machines are also used to control robotic toys and video games with the mind.
An EEG device is connected to a computer interface to control external devices. The machine amplifies the signals it receives, which are then recorded as a wave pattern on paper or on a computer. These devices are often used for scientific research, such as the manufacturing of neuroprosthetic applications like prosthetic limbs. The device aids in syncing the movements of the prosthetic limbs.
EEG and Passwords
The team of researchers from the University of Alabama at Birmingham also found that a malicious software program stole the PINs and passwords of people who paused their video game to log on to their bank accounts while wearing the EEG headset.
Saxena, along with his team, used one EEG headset that was commonly available to consumers online and one clinical-grade headset that was used for scientific research to show how quickly a malicious program could grab the information based on the user’s brainwaves.
While the user types, the EEG headset captures signals that correspond to their visual processing along with their hand, eye and head muscle movements.
The team conducted an experiment in which they asked 12 people to type randomly generated passwords and usernames into a text box while using an EEG headset. The software trains itself on the user’s typing and the corresponding brainwaves to read the data.
Saxena adds that a hacker can make this training step more accurate by prompting the user to key in a predefined set of numbers to restart the game he/she is playing after pausing it for some time. It works exactly like how CAPTCHA helps in verifying users logging on to different websites.
The team found that once a user has entered 200 characters, algorithms within the software start guessing new characters based on the ones already entered and the data recorded by the EEG headset. The algorithm shortens the hacker’s odds of guessing a four-digit PIN from 1 in 10,000 to 1 in 20. It increases the chances of guessing a six-letter password from around 1 in 500,000 to about 1 in 500.
Saxena says that with the growing popularity of EEG headsets, they are being used widely for different purposes. EEG headsets are becoming an inevitable part of our daily lives. It is important to keep in mind the potential security and privacy risks that come with this technology. He says that there is just one solution to avoid this growing threat: inserting noise while typing in a password or a PIN (if you are wearing an EEG headset) will help prevent the security risk.