1. Home
  2. Hackers can steal PINs, passwords from your brainwaves: study

Hackers can steal PINs, passwords from your brainwaves: study

[email protected] (Agencies)
July 1, 2017

Washington, Jul 1: Hackers can guess a user's passwords by monitoring their thoughts, according to scientists including those of Indian origin who suggest that brainwave-sensing headsets need better security.brain

Electroencephalograph (EEG) headsets allow users to control robotic toys and video games with the mind.

Researchers at the University of Alabama at Birmingham in the US found that a person who paused a video game and logged into a bank account while wearing an EEG headset was at risk for having their passwords or other sensitive data stolen by a malicious software programme.

"These emerging devices open immense opportunities for everyday users," said Nitesh Saxena, associate professor from University of Alabama. "However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology," said Saxena.

The team, including PhD student Ajaya Neupane, used one EEG headset currently available to consumers online and one clinical-grade headset used for scientific research to demonstrate how easily a malicious software programme could passively eavesdrop on a user's brainwaves.

While typing, a user's inputs correspond with their visual processing, as well as hand, eye and head muscle movements. All these movements are captured by EEG headsets.

The team asked 12 people to type a series of randomly generated PINs and passwords into a text box as if they were logging into an online account while wearing an EEG headset, in order for the software to train itself on the user's typing and the corresponding brainwave.

"In a real-world attack, a hacker could facilitate the training step required for the malicious program to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites," Saxena said.

The team found that, after a user entered 200 characters, algorithms within the malicious software programme could make educated guesses about new characters the user entered by monitoring the EEG data recorded.

The algorithm was able to shorten the odds of a hacker's guessing a four-digit numerical PIN from one in 10,000 to one in 20 and increased the chance of guessing a six-letter password from about 500,000 to roughly one in 500.

"Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices," Saxena said.

"It is important to analyse the potential security and privacy risks associated with this emerging technology to raise users' awareness of the risks and develop viable solutions to malicious attacks," he said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 20,2020

Washington D.C., Jan 20: An American bride asked for money from her invitees so that they can be on the 'exclusive guest list'.

Weddings can be surely expensive. But is it feasible for one to charge the guests to make up for the expenses?

According to Fox News, that is exactly what happened in a recent American wedding. A 19-year-old shared on Reddit that her cousin was getting married on Sunday and announced that she would charge 50 dollars to those who wanted to attend her wedding.

"She said that they can Venmo her money so there won't be no [sic] problems and everyone who paid will be added onto the 'exclusive guest list' which basically means you won't have to wait in line while other guests pay," wrote the user named DaintySheep.

While she refused to pay for entry into her cousin's wedding the bride-to-be contacted the elders in the family which ended up in an embarrassing situation.

"She wanted to get the money she spent on her special day back. I told her I wouldn't be able to come because this was outrageous and that I wish her well on her special day. She contacted my aunt and my aunt called me cheap and rude. My parents offered to pay for my entry, but I refused," continued the disheartened girl.

While in almost every nook and cranny of the world gifting the bride-groom with money is a tradition, asking for money from friends and family to replenish the money spent on a wedding is can be said to be a rare scenario.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 9,2020

Twitter has hinted that it is planning a paid subscription platform that can be reused by other teams in the future.

The news that the micro-blogging platform is building a subscription platform with a team codenamed "Gryphon" resulted in Twitter stock rising over 8% on Wednesday.

Twitter revealed its plan via a job listing that seeks a full-stack senior software engineer in New York to join "Gryphon".

Interestingly, Twitter "edited" the job listing once the news broke, removing the part about "Gryphon" and any mention of their internal team or their subscription feature. The listing said the company is looking for an Android engineer to "work on a bevy of backend engineering teams to build components that allow for experimentation to deliver the best experience possible to all of our users".

Later, Twitter users noticed that the company restored the earlier job listing that mentioned the upcoming subscription platform and "Gryphon".

A spokesperson for Twitter told CNN on Wednesday that it's only a job posting, not a product announcement.

This is not the first time Twitter has thought of a paid product. 

In 2017, it sent out a survey to users and a preview of what a premium offering of its TweetDeck app might look like, including breaking news alerts and more analytics, according to The Verge.

"We're conducting this survey to assess the interest in a new, more enhanced version of Tweetdeck. We regularly conduct user research to gather feedback about people's Twitter experience and to better inform our product investment decisions, and we're exploring several ways to make TweetDeck even more valuable for professionals," a Twitter spokesperson had said at that time.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 4,2020

Twitter has joined efforts to do away with racially loaded terms such as master, slave and blacklist from its coding language in the wake of the death of African-American George Floyd and ensuing Black Lives Matter protests.

The project started even before the current movement for racial justice escalated following the death of 46-year-old George Floyd in police custody in May.

The use of terms such as "master" and "slave" in programming language originated decades ago. While "master" is used to refer to the primary version of a code, "slave" refers to the replicas. Similarly, the term "Blacklist" is used to refer to items which are meant to be automatically denied.

The efforts to change these terms in favour of more inclusive language at Twitter were initiated by Regynald Augustin and Kevin Oliver and the microblogging platform is now backing their efforts.

"Inclusive language plays a critical role in fostering an environment where everyone belongs. At Twitter, the language we have been using in our code does not reflect our values as a company or represent the people we serve. We want to change that. #WordsMatter," Twitter's engineering team said in a post on Thursday.

As per the recommendations from the team, the term "whitelist" could be replaced by "allowlist" and "blacklist" by "denylist".

Similarly, "master/slave" could be replaced by "leader/follower", "primary/replica" or "primary/standby".

Twitter, however, is not the first to start a project to bring inclusivity in programming language.

According to a report in CNET, the team behind the Drupal online publishing software started using "primary/replica" in place of "master/slave" as early as in 2014.

The use of the terms "master/slave" was also dropped by developers of the Python programming language in 2018.

Now similar efforts are underway at Microsoft's Github and LinkedIn divisions as well, said the report.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.