1. Home
  2. Hackers can steal PINs, passwords from your brainwaves: study

Hackers can steal PINs, passwords from your brainwaves: study

[email protected] (Agencies)
July 1, 2017

Washington, Jul 1: Hackers can guess a user's passwords by monitoring their thoughts, according to scientists including those of Indian origin who suggest that brainwave-sensing headsets need better security.brain

Electroencephalograph (EEG) headsets allow users to control robotic toys and video games with the mind.

Researchers at the University of Alabama at Birmingham in the US found that a person who paused a video game and logged into a bank account while wearing an EEG headset was at risk for having their passwords or other sensitive data stolen by a malicious software programme.

"These emerging devices open immense opportunities for everyday users," said Nitesh Saxena, associate professor from University of Alabama. "However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology," said Saxena.

The team, including PhD student Ajaya Neupane, used one EEG headset currently available to consumers online and one clinical-grade headset used for scientific research to demonstrate how easily a malicious software programme could passively eavesdrop on a user's brainwaves.

While typing, a user's inputs correspond with their visual processing, as well as hand, eye and head muscle movements. All these movements are captured by EEG headsets.

The team asked 12 people to type a series of randomly generated PINs and passwords into a text box as if they were logging into an online account while wearing an EEG headset, in order for the software to train itself on the user's typing and the corresponding brainwave.

"In a real-world attack, a hacker could facilitate the training step required for the malicious program to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites," Saxena said.

The team found that, after a user entered 200 characters, algorithms within the malicious software programme could make educated guesses about new characters the user entered by monitoring the EEG data recorded.

The algorithm was able to shorten the odds of a hacker's guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increased the chance of guessing a six-letter password from about 500,000 to roughly one in 500.

"Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices," Saxena said.

"It is important to analyse the potential security and privacy risks associated with this emerging technology to raise users' awareness of the risks and develop viable solutions to malicious attacks," he said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 19,2020

Cybersecurity researchers on Monday warned of a Trojan malware campaign which is targeting India's co-operative banks using COVID-19 as a bait.

Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, detected the new wave of Adwind Java Remote Access Trojan (RAT) campaign.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim's device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

According to the researchers, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalised bank.

The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact a variety of endpoints, irrespective of their base operating system.

Once the RAT is installed, the attacker can take over the victim's device, send commands from a remote machine, and spread laterally in the network.

In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information, Seqrite said, adding that such attack campaigns can effectively jeopardise the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

To prevent such attacks, users need to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

Banks should also keep their operating systems updated and have a full-fledged security solution installed on all the devices, Seqrite advised.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 26,2020

New Delhi, Jan 26: Google on Sunday marked India's 71st Republic Day by dedicating a doodle illustrating the country's rich cultural heritage that permeates and unites the diverse nation.

From its world-famous landmarks like the Taj Mahal and India Gate, to the wide array of fauna such as its national bird (the Indian peafowl), to classical arts, textiles, and dances, the doodle, designed by Singapore-based artist Meroo Seth, brings together the rich cultural heritage of the country.

Republic Day marks the completion of India's transition towards becoming an independent republic after its constitution came into effect. The governing document had taken nearly three years of careful deliberation to finalise, and its eventual enactment was joyfully celebrated across the country.

While the Constitution was adopted by the Indian Constituent Assembly on 26 November 1949, it came into effect on January 26 -- a day when Declaration of Indian Independence (Purna Swaraj) was proclaimed by the Indian National Congress back in 1929, as opposed to the Dominion status offered by the British Regime.

Festivities embody the essence of diversity found in one of the world's most populous nations, celebrated over a three-day period with cultural events displaying national pride.

Last year's doodle on Republic Day, designed by artist Reshidev RK, had featured Rashtrapati Bhavan in the background along with a display of the country's iconic monuments and heritage.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
March 3,2020

Facebook on Monday launched a new consumer marketing campaign in India titled 'More Together'. India is the first country in the Asia Pacific region where such a campaign is being rolled out.

It is also the first time that Facebook is rolling out a 'high decibel campaign of this stature in India', the company said in a statement.

It is also the first time that Facebook is rolling out a 'high decibel campaign of this stature in India', the company said in a statement.

"India is at the heart of Facebook and one of our focus areas this year is to tell the exciting story of a service that is deeply embedded in the fabric of India," said Ajit Mohan, Vice President and Managing Director, Facebook India.

The campaign would have multiple campaigns over the next few weeks in eight languages and the one will be set in the context of Holi.

Facebook in 2019 introduced a new company logo to further distinguish the company from the Facebook app.

The company recently announced the appointment of Avinash Pant as the Marketing Director for India operations, to drive the consumer marketing efforts across the family of apps.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.