UAB research team finds a way to hack your brain (and maybe to protect it)

tinfoil-hat-guy
tinfoil-hat-guy
This might or might not be Ivan Gleb, who founded an online store selling tinfoil hats. – via nationstates.net

You know the stereotype: the tinfoil-hat-wearing conspiracy theorist raving about the government scanning your brain.  While that remains a far cry off from the truth, researchers at UAB have shown that your local conspiracy buff might have a point (soon)!

What’s up, doc?

Medical technology has come a long way since electroencephalograph (EEG) machines needed a room of their own and a supply of conductive gel paste to work.  Portable, personal EEG monitors have made headway into the world of gamers and meditation buffs.  Whether it be MUSE, EMOTIV, or even a home-brew machine, EEG offers the potential to read and interpret the entirety of your brain signals via computer.  I think you might be able to see where this is going.

nitesh saxena cybersecurity eeg
Nitesh Saxena, Ph.D. and the Birminghamian behind the research- via uab.edu

“Hackers can read your mind” might not sound very zen.  Fortunately, there is a brighter future thanks to UAB.  Nitesh Saxena, Ph.D., Ajaya Neupane, and Lutfor Rahman have found a method to capture brain signals.  Because researchers found this first, there remains a chance for pre-emptive security!  I far prefer this to having companies play catch-up.

How it all works

The attack relies on access to the device recording and interpreting the victim’s brain-signals.  This includes phones or computers – meditation apps regularly come bundled with the EEG devices.  This makes the security of the phone or computer more important than the actual password you use!  After a “control” test of as little as 120 characters, the network can guess what buttons you press on an ATM with almost 50% accuracy.

I doubt there’s an app that measures brain activity like this – via uab.edu

There are no recorded incidents of this attack’s use (yet), but that’s no reason not to read up on computer security!  I also wrote a crash course on keeping control of your data and your devices, and it remains relevant today.  But I’d add one more thing: if you’re a meditation buff who owns a personal EEG trainer, take it off before you type in any passwords!

Author: James Ozment

I'm a Birmingham native who loves music, cycling, reading, and tech. Find me on the campus of Birmingham-Southern College, in Avondale, or hanging out with my cat