Cybercriminals could soon be able to hack your BRAINWAVES to steal passwords and empty bank accounts, scientists warn
Brain-monitoring EEG headsets could be hacked by crooks looking to nick your secrets
HEADSETS that monitor your brainwaves could allow hackers to empty your bank account, scientists fear.
High-tech helmets called electroencephalograms or EEGs are often used to diagnose epilepsy, but are beginning to appear on the toy and video game markets.
You can buy devices that allow you control robotic toys or play video games using just your mind for just £100.
But a study recently proved that hackers could guess a user's passwords using these headsets to monitor victims' brainwaves.
And now scientists are concerned that EEGs could be used in a similar way.
Nitesh Saxena, associate professor in the UAB College of Arts and Sciences, along with PhD student Ajaya Neupane and Doctor Lutfor Rahman, found that a person who paused a video game and logged into a bank account while wearing an EEG could have their passwords or personal information nabbed by malicious software.
"These emerging devices open immense opportunities for everyday users," Saxena told Phys.org.
"However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology."
The researchers used two headsets to test their hypothesis - one clinical grade and one which can be bought online.
Both headsets monitored visual processing, hand-eye and head muscle movements to "learn" what numbers a person was thinking about.
They asked 23 people to type a series of randomly generated pins and passwords into a text box as if they were logging into an online account while wearing the EEG.
Their password-nicking software quickly learnt which number corresponded with a specific muscle movement or "brainwave".
Hackers could exploit this, they claim, by getting someone playing a game using a headset to enter a set of numbers shown on screen after pausing for a break.
The hidden program would prompt an annoying CAPTCHA-style box in which users type set of letters to prove "I'm not a robot" so it could figure out someone's signature brainwaves.
The team found that after 200 characters, algorithms could make a decent guess about what the person was thinking.
MOST READ IN TECH AND SCIENCE
This could shorten the odds of a hacker's guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increased the chance of guessing a six-letter password from about 500,000 to roughly one in 500, the study found.
And while it might seem like a lot of effort, if hackers send out this malicious code in batches and broke into a handful of people's bank accounts, they could still make themselves thousands of pounds in a very short amount of time.
"Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices," Saxena said.
"It is important to analyse the potential security and privacy risks associated with this emerging technology to raise users' awareness of the risks and develop viable solutions to malicious attacks."
We pay for your stories! Do you have a story for The Sun Online news team? Email us at tips@the-sun.co.uk or call 0207 782 4368
