New headset devices that are capable of scanning and identifying the power of brain signals are high tech additions to the world of gaming. Yet a new study finds that hackers could theoretically also hijack the technology to access private information such as passwords and ATM pin codes.
A University of Alabama at Birmingham research group has suggested that devices which operate using brain signal monitoring, like electroencephalography (EEG), may be a future tool for cyber thieves.
They conducted tests with two EEG headsets, one clinical and the other a commercial product available to consumers, where Professor Nitesh Saxena was able to actually formulate a way to eavesdrop on people’s neural signals.
The attack strategy known as PEEP, described as an advanced type of keylogging, where common hackers continuously record data via a virus, or determine the input of keystrokes on a keyboard through sound analysis, is relevant to how this would work on the headset.
Using the gaming industry as an example, the “Passively Eavesdropping Private Input” study explains how a hacker could trick a person into downloading a scam app onto their EEG device that would monitor their brain signals.
Once installed such a malicious app could then also ask them to enter a specific number or numerical values while wearing the headset.
The study wrote, “The developer can claim such codes will secure the game from being played by other users who has access to the computer. The attacker can then process the numeric or alphabetical code and neural signals corresponding to them to extract features.”
By then processing brain signals with the values inputted, the researchers suggest that numerical or alphabetical characters could be determined via an algorithm. The study suggests that the odds of guessing a four-digit pin could be shortened to one in 20 versus one in 10,000.
Professor Saxena said that, “In a real-world attack, a hacker could facilitate the training step required for the malicious program to be most accurate, by requesting that the user enter a predefined set of numbers to restart the game after pausing it to take a break, similar to the way the CAPTCHA is used to verify users when logging onto website.”
“Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives,” Saxena added.