Hackers could soon delve into your thoughts via brainwave-sensing devices. Security experts are sounding the alarm about wearable gadgets using EEG signals to detect emotions and control devices such as robots. Experts say such devices can be exploited by hackers to gain access to sensitive and personal data.
A handful of brainwave-sensing devices are already available in the market. One such device, the $800 (£618) Epoch + headset, designed by Emotiv, has been designed to convert your brain's EEG signals to commands that can help you control other devices such as PCs. According to MIT Technology Review, EEG headsets such as the Epoch + can be used by cybercriminals to guess people's passwords and other private data.
A new study conducted by Nitesh Saxena, associate professor at the University of Alabama, also shows how this kind of technology can be abused for more nefarious purposes. The study involved participants typing in random passwords and PIN numbers, while the AI (Artificial Intelligence) software learnt to link between their typing and brainwaves. After observing a participant input a mere 200 characters, the AI was able to predict new characters being typed.
Although the AI predictions weren't 100% accurate, the chances of guessing a four-digit PIN number were reduced from one in 10,000 to one in 20.
"I would say it's a risk for today's devices, and with more advanced devices much more could be done in the future," said Saxena, commenting on the possibilities of private data being stolen with a brain interface. "People need to think though the privacy and security models of these interfaces."
Emotiv dismissed the claims of the study, saying that such an attack would be impractical. However, researchers say that although brainwave-sensing devices such as the Epoch +, which are advertised as high-tech gaming gadgets, are currently at the infancy stage, cybercriminals in the future could potentially exploit games that require people to input data, to virtually hack into their brainwaves.
However, according to IOActive security researcher Alejandro Hernández, who has reviewed EEG hardware and other related software security, the attack scenario as outlined by the study is "100% feasible", given how numerous EEG software are easily hackable.
The University of Alabama study is backed up by researchers at the University of Washington, who have already demonstrated another way to grab data via EEG wearables. This involved creating games that subtly flashed images like bank logos and recorded brain activity when a person's brainwaves registered recognition. According to Tamara Bonaci, a researcher involved in the University of Washington study, such techniques could be valuable in providing data for designing phishing attacks, ads and more.
With tech giants such as Facebook and Elon Musk's Neuralink among those already working on advanced brain interface, it is feared that cyberthreats in this area may soon become a reality.