MIAMI (CBSMiami) — Hackers can use brainwave-sensing headsets, used in toys and video games, to steal your passwords, a new study suggests.
The so-called EEG headsets are advertised as letting users control robotic toys and games with only their brains, and they’re growing in popularity.
Researchers at the University of Alabama say the headsets need better security.
Nitesh Saxena, an associate professor at UAB, was one of the researchers who found that a person who paused a video game and then logged into an account requiring a password while wearing a headset would be at risk of having sensitive information stolen by a malicious software program.
“These emerging devices open immense opportunities for everyday users,” Saxena said. “However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology.”
Saxena, along with other researchers, used one headset available to the public and one clinical-grade headset used mostly for research to show how easily hackers could eavesdrop on a user’s brainwaves without the user knowing.
Those who took part in the study were asked to log into an account while wearing the headset. The headsets captured the whole process, from the visual to the hand, eye, and head muscle movements.
They found that after 200 characters were entered, the malicious software could shorten the odds of a hacker guessing a four-digit numerical PIN from 1 in 10,000 to 1 in 20. It also increased the chance of guessing a six-letter password from about 1 in 500,000 to 1 in 500.
It’s a major concern as this technology continues to grow in popularity.
“Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices,” Saxena said. “It is important to analyze the potential security and privacy risks associated with this emerging technology to raise users’ awareness of the risks and develop viable solutions to malicious attacks.”