Hackers Could Tap EEGs, Observe Brainwaves To Steal Passwords

Hackers could tap into your brainwaves to steal sensitive passwords, warn researchers at the University of Alabama, Birmingham.

A new study suggests EEG headsets, the set of electrodes that records brain activity, are hackable. By observing a person's brainwaves as they surf the internet, hackers could glean neural patterns and successfully guess a user's password.

Though EEG headsets are mostly used in research, there are now several models on the open market, mostly advertised to video and computer game players. EEGs can tap into a person's brain power to remotely control robotic toys and video games.

Observing an EEG-wearer as he or she plays video games may not be all that worthwhile for hackers. But what if a user takes a break from gameplay to surf the web? And what if that person then logins into their online banking account?

"We do believe that this is going to be a real problem in the future as more and more of these BCI [brain-computer interface] devices get deployed for gaming and other day to day applications," Nitesh Saxena, an associate professor of computer and information sciences at UAB, told UPI via email. "The hacking scenario could involve such a switching between the gaming application and a website login."

"Many people already use these headsets for gaming purposes and they could be logging into different websites while wearing these," Saxena added.

Saxena and his colleagues conducted a proof-of-concept study to demonstrate the risks. The computer scientists had study participants type several randomly generated PINs and passwords on a keyboard while wearing an EEG headset. Software was then used to analyze each user's brainwaves as they typed the passwords.

Saxena says hackers could replicate this training stage of their experiment by having a user type in a series of numbers to restart a paused game, similar to how some websites...

Comments are closed.