by Brooks Hays
Washington (UPI) Jul 3, 2017
Hackers could tap into your brainwaves to steal sensitive passwords,warn researchers at the University of Alabama, Birmingham.
A new study suggests EEG headsets, the set of electrodes that records brain activity, are hackable. By observing a person's brainwaves as their surf the internet, hackers could glean neural patterns and successfully guess a user's password.
Though EEG headsets are mostly used in research, there are now several models on the open market, mostly advertised to video and computer game players. EEGs can tap into a person's brain power to remotely control robotic toys and video games.
Observing an EEG-wearer as he or she plays video games may not be all that worthwhile for hackers. But what if a user takes a break from gameplay to surf the web? And what if that person then logins into their online banking account?
"We do believe that this is going to be a real problem in the future as more and more of these BCI [brain-computer interface] devices get deployed for gaming and other day to day applications," Nitesh Saxena, an associate professor of computer and information sciences at UAB, told UPI via email. "The hacking scenario could involve such a switching between the gaming application and a website login."
"Many people already use these headsets for gaming purposes and they could be logging into different websites while wearing these," Saxena added.
Saxena and his colleagues conducted a proof-of-concept study to demonstrate the risks. The computer scientists had study participants type several randomly generated PINs and passwords on a keyboard while wearing an EEG headset. Software was then used to analyze each user's brainwaves as they typed the passwords.
Saxena says hackers could replicate this training stage of their experiment by having a user type in a series of numbers to restart a paused game, similar to how some websites use the text replication system known as CAPTCHA to distinguish between humans and bots.
Record users typing in random text enough times and computer algorithms can link letters to brainwaves, allowing the software to guess a user's password based on brain activity.
The software developed by Saxena and his colleagues was able to learn sufficient patterns after study participants had typed 200 characters.
"The algorithm was able to shorten the odds of a hacker's guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increased the chance of guessing a six-letter password from about 500,000 to roughly one in 500," scientists confirmed in a news release.
Researchers say the security risk could be fixed by designing EEG headsets to emit obscuring electronic noise, disguising brainwaves, while users type in codes or passwords.
Washington (UPI) Jun 29, 2017
Israel Aerospace Industries' Cyber Division is investing in companies in Holland and Hungary to expand its research and development activities in the field. These investments join IAI's cyber-operations in Israel, Switzerland and Singapore, where it operates R&D and innovation centers, the company said when making the announcement on Thursday. "Our investments in local software c ... read more
Cyberwar - Internet Security News - Systems and Policy Issues
|The content herein, unless otherwise known to be public domain, are Copyright 1995-2017 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement|