Could hackers tune into your brainwaves and steal your passwords?

Could hackers tune into your brainwaves and steal your passwords?
Scientists say greater security is needed for EEG devices
Scientists say greater security is needed for EEG devices
View 1 Image
Scientists say greater security is needed for EEG devices
Scientists say greater security is needed for EEG devices

While the widespread use of devices that monitor brainwaves might sound like a long way off, key figures like Elon Musk are investing big time and money in making them a reality. With one eye on this future, scientists have carried out a study to find out whether these things can be hacked and the brainwaves interpreted to decipher a password, with the findings suggesting that it is in fact entirely possible.

Today these kinds of devices take the form of electroencephalograph (EEG) headsets, with a few consumer options floating around, or more complicated versions for research purposes in the lab. But they won't always look that way, with scientists already chipping away at much more discreet solutions that resemble nothing more than sand-sized sensors inside your brain.

Whether inside the brain or out, these devices all work by measuring electrical signals coming from the brain as it goes about certain activities, converting those readings into input commands for a variety of applications, including drones, wheelchairs and prosthetic limbs.

This capability led scientists at the University of Alabama at Birmingham (UAB) to ponder how those readings could be used for nefarious purposes. So they conducted a study where 12 subjects were fitted with either a currently available EEG headset or a clinical-grade version, and were asked to enter a series of random PIN codes and passwords into a text box, simulating the act of logging into an online account.

The researchers then had a malicious software program train itself by taking cues from the user's typing and corresponding brainwaves. They found that after the user had entered around 200 characters, the software could make smarter guesses about the characters being entered based on nothing other than the corresponding brainwaves it had picked up.

So much so, that the odds of it guessing a four-digit PIN were shortened from one in 10,000 to one in 20. The chances of guessing a six-letter password were shortened from around one in 500,000 to around one in 500. The researchers say these results indicate that greater security is needed for these devices as they become more commonplace. One suggestion they have is the insertion of noise to drown out the brainwaves whenever a user is made to enter a PIN or a password.

"Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices," says Nitesh Saxena, associate professor at UAB and leader of the research. "It is important to analyze the potential security and privacy risks associated with this emerging technology to raise users' awareness of the risks and develop viable solutions to malicious attacks."

The research paper can be accessed online.

Source: University of Alabama at Birmingham

''Could hackers tune into your brainwaves and steal your passwords?'' NO!, I cant remember the damn things myself, so no one else is likely to be able to tap into my brain and find them. I keep them written down in an address book, so I dont have to remember them. Question is, even if they can find a password in someones brain, how would they decide which password applies to what?
Gizzy Magpie
This is precisely what happens in the novel "Freedom" by Daniel Suarez. Using an MRI scanning technique and an AI voice-guided prompt, alpha-numeric information is extracted, not by commission, but by omission. Brilliant. (one of the best Sci Fi books I've ever read, mostly because everything in it is coming sooner than later)
I'm with Nik, I make up total garbage gibberish psswd's and keep a spreadsheet for most part and copy paste as needed! Google knows em too. Google knows em too.
Yeah but what's really going to bake your cookie is they don't have to steal them, they already them. And have selectively implanted them via light waves into your eyes which fed your brain via electrical impulses those very passwords you thought you selected at random, but weren't so random at all.