Hackers can read passwords from your mind!

What if I told you that hackers can read your mind for passwords and PINs to your bank accounts? Seems like the movie Inception, doesn’t it? But not quite. BCI (Brain-Computer Interface) and brainwave tech are technologies that can interact with our brain directly or indirectly, gather data and process it to provide useful applications.

Phew, I wrote a lot of stuff up there. But what are BCI and brainwave technologies? And how can hackers find our passwords? Let me break them down for you.

Brain, the next frontier:

As mentioned earlier, BCI and brainwave technologies gather data from our brain directly or indirectly. Data like emotion, muscle movement, eye movement, brain activity and brain waves can be captured and processed by machines or computers to build better applications.

The technologies currently available to consumers are external sensors that monitor brain waves and other cognitive data from the person. Invasive and risky technologies like implants are not available to the general public.

BCI – the lucrative minefield for hackers:

A recent experimental study demonstrating the vulnerabilities of BCI technologies found that hackers can quite literally read passwords from a victim’s mind. Here is an excerpt from the Deccan Chronicle about the study:

Hackers can guess a user’s passwords by monitoring their thoughts, according to scientists including those of Indian origin who suggest that brainwave-sensing headsets need better security.

Electroencephalograph (EEG) headsets allow users to control robotic toys and video games with the mind.

Researchers at the University of Alabama at Birmingham in the US found that a person who paused a video game and logged into a bank account while wearing an EEG headset was at risk for having their passwords or other sensitive data stolen by a malicious software programme.

“These emerging devices open immense opportunities for everyday users,” said Nitesh Saxena, associate professor from University of Alabama.

“However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology,” said Saxena.

The team, including PhD student Ajaya Neupane, used one EEG headset currently available to consumers online and one clinical-grade headset used for scientific research to demonstrate how easily a malicious software programme could passively eavesdrop on a user’s brainwaves.

While typing, a user’s inputs correspond with their visual processing, as well as hand, eye and head muscle movements. All these movements are captured by EEG headsets.

The team asked 12 people to type a series of randomly generated PINs and passwords into a text box as if they were logging into an online account while wearing an EEG headset, in order for the software to train itself on the user’s typing and the corresponding brainwave.

“In a real-world attack, a hacker could facilitate the training step required for the malicious programme to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites,” Saxena said.

The team found that, after a user entered 200 characters, algorithms within the malicious software programme could make educated guesses about new characters the user entered by monitoring the EEG data recorded.

The algorithm was able to shorten the odds of a hacker’s guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increased the chance of guessing a six-letter password from about 500,000 to roughly one in 500.

“Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices,” Saxena said.

“It is important to analyse the potential security and privacy risks associated with this emerging technology to raise users’ awareness of the risks and develop viable solutions to malicious attacks,” he said.

The ambiguous future:

The rise of BCI technology can affect our lives by invading even our last fort of privacy – the mind. As dangerous as it may sound, it unlocks unparalleled applications for humanity to make use of. Communication can become a lot simpler and faster. It can help visually challenged or vocally challenged people communicate with the world like everyone else.

The risk of malicious people and their malicious intent has existed from time to time. In every instance of history when new technology came to revolutionize the world, equal and spiteful things arose alongside it. But if malevolence was the only thing we had concentrated on, we would not have existed as a race.

