How Hackers Guess PINs, Passwords Via Brainwaves

hackers
Electroencephalograph (EEG) headsets

By Oladipupo Mojeed

Some facts have emerged that hackers can guess a user’s passwords by monitoring their thoughts through  brainwave-sensing headsets.

Electroencephalograph (EEG) headsets allow users to control robotic toys and video games with the mind.

Researchers at the University of Alabama, Birmingham, US, found that people who paused a video game and logged into a bank account, wearing an EEG headset, were at risk of having their passwords or other sensitive data stolen by a malicious software programme.

“These emerging devices open immense opportunities for everyday users,” said Nitesh Saxena, associate professor from University of Alabama.

““However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology,” said Saxena.

EEG headset

The team used one EEG headset currently available to consumers online and one clinical-grade headset used for scientific research to demonstrate how easily a malicious software programme could passively eavesdrop on a user’s brainwaves.

While typing, a user’s inputs correspond with their visual processing, as well as hand, eye and head muscle movements. All these movements are captured by EEG headsets.

The team asked 12 people to type a series of randomly generated PINs and passwords into a text box as if they were logging into an online account while wearing an EEG headset, in order for the software to train itself on the user’s typing and the corresponding brainwave.

The team found that, after a user entered 200 characters, algorithms within the malicious software programme could make educated guesses about new characters the user entered by monitoring the EEG data recorded.

The algorithm was able to shorten the odds of a hacker’s guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increased the chance of guessing a six-letter password from about 500,000 to roughly one in 500.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *