A team at the University of Alabama at Birmingham found brainwave-sensing headsets, also known as EEG or electroencephalograph headsets, put users at risk.
They have become commonplace both as medical devices but also as game controllers, ranging in price from $150 to $800.
Elon Musk's latest company Neuralink is working to link the human brain with a machine interface by creating micron-sized devices.
Neuralink was registered in California as a 'medical research' company last July, and he plans on funding the company mostly by himself.
It will work on what Musk calls the 'neural lace' technology, implanting tiny brain electrodes that may one day upload and download thoughts.
He said 'neural laces' will help people with severe brain injuries in just four years.
And in eight to ten years, the Matrix-style technology will be available to everyone, he added.
'These emerging devices open immense opportunities for everyday users,' said Nitesh Saxena, Ph.D., associate professor in the UAB College of Arts and Sciences Department of Computer and Information Sciences.
'However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology.'
The team found that a person who paused a video game and logged into a bank account while wearing an EEG headset was at risk for having their passwords or other sensitive data stolen by a malicious software program.
Saxena and his team used one EEG headset currently available to consumers online and one clinical-grade headset used for scientific research to demonstrate how easily a malicious software program could passively eavesdrop on a user's brainwaves.
While typing, a user's inputs correspond with their visual processing, as well as hand, eye and head muscle movements.
All these movements are captured by EEG headsets.
The team asked 12 people to type a series of randomly generated PINs and passwords into a text box as if they were logging into an online account while wearing an EEG headset, in order for the software to train itself on the user's typing and the corresponding brainwave.
EEG headsets are advertised as allowing users to use only their brains to control robotic toys and video games
EEG has been used in the medical field for more than half a century as a noninvasive method for recording electrical activity in the brain.
Electrodes are placed on the surface of the scalp to detect brain waves.
An EEG machine then amplifies the signals and records them in a wave pattern on graph paper or a computer.
EEG can be combined with a brain-computer interface to allow a person to control external devices.
This technology was once highly expensive and used mostly for scientific research, like the production of neuroprosthetic applications to help disabled patients control prosthetic limbs by thinking about the movements.
However, it is now being marketed to consumers in the form of a wireless headset and is becoming popular in the gaming and entertainment industries.
EEG headsets are advertised as allowing users to use only their brains to control robotic toys and video games specifically developed to be played with an EEG headset.
There are only a handful on the market, and they range in price from $150 to $800.
'In a real-world attack, a hacker could facilitate the training step required for the malicious program to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites,' Saxena said.
'These emerging devices open immense opportunities for everyday users.
'However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology.'
The team found that, after a user entered 200 characters, algorithms within the malicious software program could make educated guesses about new characters the user entered by monitoring the EEG data recorded.
No comments:
Post a Comment