A new study conducted by the researchers from the Birmingham’s University of Alabama has uncovered a new threat. Apparently, EEG (electroencephalograph) headsets, which are special headsets for monitoring brain waves, can be used by hackers for discovering passwords.
Because of this, researchers are suggesting an increase in their security.
For now, there are only a handful of these headsets on the market, with prices going between $150 and $800. According to their ads, the headsets can allow users to control things like robotic toys, or specially designed video games.
UAB College of Arts and Sciences Department of Computer and Information Sciences’ Ph.D., associate professor, Nitesh Saxena, as well as Ajaya Neupane, who is a Ph.D. student, and Md Lutfor Rahma, a former master’s student have discovered different results. According to their research, if an EEG had a malicious software, and its user paused the video game too, let’s say, log into the bank account – their password might be stolen.
Saxena has stated that tech like this offers amazing new opportunities, but it needs to have better security. Companies that are making them need to think of risks, as well as benefits of devices that they make.
In order to prove their theory, Saxena and his team compared a clinical-grade headset that is used for research and one that is currently available to users online. The goal of this experiment was to demonstrate just how easy it is for malicious software to spy on users’ brainwaves.
EEG works by monitoring, capturing, and translating movements of users eye, head, hand, as well as visual processing. This is all scanned while the user types inputs. To test that malware can steal passwords, Saxena’s team asked 12 different people to type PINs or passwords that were randomly generated.
They were supposed to type them into a text box, while they were logging into online accounts. Of course, they needed to wear EEG’s during that time, in order to get in sync with the device.
A hacker would need to find a different way to learn how to read user’s brainwaves, but it is possible to do so. For example, when users pause the game that they are playing, they might be required to enter a predetermined set of numbers in order to continue.
And, according to the team, after around 200 characters, the malicious software can learn how to read brainwaves. It is not perfect, but it works with relative precision.
EGG technology is not as new as many believe, and in fact, it has been around for almost half a century now. It was used for recording brain’s electrical activity, and with electrodes on the patient’s scalp, it would amplify the signals of the brain and record patterns on paper or computer.
When combined with technology like brain-computer interface, it can be used for controlling external devices with your mind. This tech was once used for scientific purposes, but today, it aims more at gaming and entertainment.
Saxena said that this tech is gaining more and more popularity and that it will eventually become a part of our daily lives. That is why we need to find its flaws in time, in order to prevent later surprises. One method of protection would be to insert noise whenever a user types in their PIN while the EGG is being worn.