Science

Brainwaves: Stealing passwords straight from your head

In the near future, it may be possible for hackers to steal data by reading brainwaves thanks to the increasing use of EEG headsets.

In the science fiction film Inception, a group of thieves break into peoples’ dreams to steal personal information from the victims. This is not far from reality, as criminals may soon be able to take passwords and PINs straight from our heads without expending a great deal of effort. Indeed, a research group has managed to do just that by analyzing brainwaves captured using EEG headsets. These devices use electrodes to measure the wearer’s brainwaves and are currently used not only for medical purposes but increasingly as input devices for computer games as well.

“Given the growing popularity of EEG headsets and their many areas of application, it is inevitable that they will become part of our everyday life”, says scientist Nitesh Saxena as he explains the relevance of the research experiment. The test subjects trained a malware algorithm by continually inputting PINs and passwords into a text field while wearing a medical or gaming EEG headset. This resulted in the software learning to identify which of the many brainwaves originated from the input process. The software was subsequently soon able to calculate a four-digit PIN of which it was not previously aware with a probability of 20 to 1 using only the brainwaves.

Bank account access via brainwaves

According to Saxena, cyber attacks in the future may involve malware infecting an EEG headset wearer’s computer and regularly generating Captcha windows before rounds of computer games. In this scenario, the user will be training a piece of malware by inputting the characters and digits shown, rather than proving that he is not malware. After this has been ongoing for some time, the algorithm will be able to use his brainwaves to detect what is being typed. If the user then logs into his online bank account while playing a computer game, the malware will read his PIN number.

Malware may soon be able to read brainwaves using fake Captcha windows.
Malware may soon be able to read brainwaves using fake Captcha windows. Image: Flickr – JD(Montage)

“It is important to analyze the potential security risks of this emerging technology,” says Saxena. “This will enable users to be aware of threats and to develop effective measure against attacks.” One solution suggested by the researchers is to mix in interfering signals between brainwaves when entering sensitive data. Although this would also interfere with harmless EEG applications for the duration of the process, users would not have to fear any “eavesdropping” on their thoughts. While the victims of mind attacks in the film Inception defended their secrets with dreams of gunfire, in reality all that is needed is some sort of whistling noise.

Cover photo: Wikipedia – Glogger (CC BY-SA 3.0) – Montage

Share This Article

Related Topics

Science Lifestyle

Read This Next

Read Full Story