Hackers could tap into your brainwaves to steal sensitive passwords,warn researchers at the University of Alabama, Birmingham.

A new study suggests EEG headsets, the set of electrodes that records brain activity, are hackable. By observing a person's brainwaves as their surf the internet, hackers could glean neural patterns and successfully guess a user's password.

Though EEG headsets are mostly used in research, there are now several models on the open market, mostly advertised to video and computer game players. EEGs can tap into a person's brain power to remotely control robotic toys and video games.

Observing an EEG-wearer as he or she plays video games may not be all that worthwhile for hackers. But what if a user takes a break from gameplay to surf the web? And what if that person then logins into their online banking account?

"We do believe that this is going to be a real problem in the future as more and more of these BCI [brain-computer interface] devices get deployed for gaming and other day to day applications," Nitesh Saxena, an associate professor of computer and information sciences at UAB, told UPI via email. "The hacking scenario could involve such a switching between the gaming application and a website login."

"Many people already use these headsets for gaming purposes and they could be logging into different websites while wearing these," Saxena added.

Saxena and his colleagues conducted a proof-of-concept study to demonstrate the risks. The computer scientists had study participants type several randomly generated PINs and passwords on a keyboard while wearing an EEG headset. Software was then used to analyze each user's brainwaves as they typed the passwords.

Saxena says hackers could replicate this training stage of their experiment by having a user type in a series of numbers to restart a paused game, similar to how some websites use the text replication system known as CAPTCHA to distinguish between humans and bots.

Record users typing in random text enough times and computer algorithms can link letters to brainwaves, allowing the software to guess a user's password based on brain activity.

The software developed by Saxena and his colleagues was able to learn sufficient patterns after study participants had typed 200 characters.

"The algorithm was able to shorten the odds of a hacker's guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increased the chance of guessing a six-letter password from about 500,000 to roughly one in 500," scientists confirmed in a news release.

Researchers say the security risk could be fixed by designing EEG headsets to emit obscuring electronic noise, disguising brainwaves, while users type in codes or passwords.

Tweet

IAI investing in European cybersecurity companies
Washington (UPI) Jun 29, 2017
Israel Aerospace Industries' Cyber Division is investing in companies in Holland and Hungary to expand its research and development activities in the field. These investments join IAI's cyber-operations in Israel, Switzerland and Singapore, where it operates R&D and innovation centers, the company said when making the announcement on Thursday. "Our investments in local software c ... read more

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Thanks for being here; We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Contributor $5 Billed Once credit card or paypal		SpaceDaily Monthly Supporter $5 Billed Monthly paypal only