Facebook is working on mind-reading technologies that would let you type words 'directly from your brain'
Facebook is working on mind-reading technologies that would let you type words 'directly from your brain'

Hackers can use brainwave signals to steal passwords

EEG headsets are growing increasingly popular, especially amongst gamers

Aatif Sulleyman
Friday 30 June 2017 18:20
Comments

Hackers can steal passwords and PINs by analysing your brainwave signals, a new study has found.

Researchers from the University of Alabama at Birmingham and the University of California Riverside collected data from electroencephalography (EEG) headsets, which sense the electrical activity inside a person’s brain.

They’re growing increasingly popular amongst gamers, who can use them to control characters using their brain signals.

Crucially, however, EEG headsets also monitor your brainwaves when you’re not playing.

Users who paused a game but left their EEG headset on while checking their password-protected accounts could be vulnerable to hackers, the researchers found.

They asked 12 people to use a physical keyboard to type a series of randomly generated PIN numbers and passwords into a text box while wearing a headset.

After they had entered 200 characters, an algorithm created by the researchers was able to make educated guesses about the PINs with a 43.4 per cent success rate, and six-character passwords with 37.3 per cent accuracy.

“These emerging devices open immense opportunities for everyday users. However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology,” said Nitesh Saxena, one of the study’s authors.

Facebook is working on mind-reading technologies that would let you type words “directly from your brain”.

It’s an ambitious vision that has caused concern amongst privacy advocates, and the company has refused to confirm or deny if it will use people’s thoughts to sell ads.

“In a real-world attack, a hacker could facilitate the training step required for the malicious program to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites,” added Saxena.

The researchers have called for EEG headset manufacturers to start disrupting the signals when a user is logging into accounts.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in