Hackers can use brainwave signals to steal passwords
EEG headsets are growing increasingly popular, especially amongst gamers
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Hackers can steal passwords and PINs by analysing your brainwave signals, a new study has found.
Researchers from the University of Alabama at Birmingham and the University of California Riverside collected data from electroencephalography (EEG) headsets, which sense the electrical activity inside a person’s brain.
They’re growing increasingly popular amongst gamers, who can use them to control characters using their brain signals.
Crucially, however, EEG headsets also monitor your brainwaves when you’re not playing.
Users who paused a game but left their EEG headset on while checking their password-protected accounts could be vulnerable to hackers, the researchers found.
They asked 12 people to use a physical keyboard to type a series of randomly generated PIN numbers and passwords into a text box while wearing a headset.
After they had entered 200 characters, an algorithm created by the researchers was able to make educated guesses about the PINs with a 43.4 per cent success rate, and six-character passwords with 37.3 per cent accuracy.
“These emerging devices open immense opportunities for everyday users. However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology,” said Nitesh Saxena, one of the study’s authors.
Facebook is working on mind-reading technologies that would let you type words “directly from your brain”.
It’s an ambitious vision that has caused concern amongst privacy advocates, and the company has refused to confirm or deny if it will use people’s thoughts to sell ads.
“In a real-world attack, a hacker could facilitate the training step required for the malicious program to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites,” added Saxena.
The researchers have called for EEG headset manufacturers to start disrupting the signals when a user is logging into accounts.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments