Brain Interfaces Can Open Private Data to Hackers

Despite their high-tech nature, brainwave readers have cybersecurity flaw just like other devices.

May 7, 2017 5:00 am

New research adds to concern surrounding the security of brain-interface devices that Facebook and Elon Musk’s Neuralink are developing.

In a recent study, University of Alabama at Birmingham professor Nitesh Saxena demonstrated how brain waves can give away sensitive data like PINs and passwords.

Brainwave-sensing headsets, like the Epoc+, are the first among what will soon be a crowded market of devices interacting directly with human grey matter. The headsets monitor electrical currents in the brain, called electroencephalography, or EEG.

The same technique is used in VR headsets and sold as controllers for video, Technology Review reports. EEG is also used in research and medical settings for controlling robots or bionic limbs.

Saxena explored a scenario where someone wearing the Epoc+ headset, made by Emotiv, signed into their bank account during a break from gaming. By monitoring his brain waves during this activity, a simulated malicious software was able to randomly generate a series of possible matches until the right one worked. Far from perfect, the software narrowed down the odds of picking a four-digit pin to 1-in-20 and a six-letter password to 1-in-500.

That’s still too close for cybersecurity comfort.

Watch another Emotiv headset in action on NFL quarterback Paxton Lynch below.

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.