From Wired: So you thought your passwords were memorized and totally secure? Think again. Do you really want to bank online? These discoveries and devices are gamechangers, and the game is life as we know it.
- | Edit
Don’t you dare even think about your banking account password when you slap on those fancy new brainwave headsets.
Or at least that seems to be the lesson of a new study which found
that sensitive personal information, such as PIN numbers and credit
card data, can be gleaned from the brainwave data of users wearing
popular consumer-grade EEG headsets.
A team of security researchers from Oxford, UC Berkeley, and the
University of Geneva say that they were able to deduce digits of PIN
numbers, birth months, areas of residence and other personal
information by presenting 30 headset-wearing subjects with images of
ATM machines, debit cards, maps, people, and random numbers in a series
of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt to uncover potential security risks in the use of the headsets.
“The correct answer was found by the first guess in 20% of the cases
for the experiment with the PIN, the debit cards, people, and the ATM
machine,” write the researchers. “The location was exactly guessed for
30% of users, month of birth for almost 60% and the bank based on the
ATM machines for almost 30%.”
To detect the first digit of the PIN, researchers presented the
subjects with numbers from 0 to 9, flashing on the screen in random
order, one by one. Each number was repeated 16 times, over a total
duration of 90 seconds. The subjects’ brainwaves were monitored for
telltale peaks that would rat them out
The EEG headsets, made by companies such as Emotiv Systems and
NeuroSky, have become increasingly popular for gaming and other
applications. For the study, the researchers used the Emotiv Epoc Neuroheadset, which retails for $299…