• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • Research
  • Publications
  • People
  • Teaching
  • Media Outreach
  • News
  • AI Spies News

SPIES Lab, Computer Science and Engineering

Texas A&M University College of Engineering

PEEP

Passively Eavesdropping Private Input via Brainwave Signals

New emerging devices open up immense opportunities for everyday users. At the same time, they may raise significant security and privacy threats. One such device, forming the central focus of this work, is an EEG headset, which allows a user to control her computer only using her thoughts.
In this study, we show how such a malicious EEG device or a malicious application having access to EEG signals recorded by the device can be turned into a new form of a keylogger, called PEEP, that passively eavesdrops over user’s sensitive typed input, specifically numeric PINs and textual passwords, by analyzing the corresponding neural signals. PEEP works because user’s input is correlated with user’s innate visual processing as well as hand, eye, and head muscle movements, all of which are explicitly or implicitly captured by the EEG device.
Our contributions are two-fold. First, we design and develop PEEP against a commodity EEG headset and a higher-end medical-scale EEG device based on machine learning techniques. Second, we conduct the comprehensive evaluation with multiple users to demonstrate the feasibility of PEEP for inferring PINs and passwords as they are typed on a physical keyboard, a virtual keyboard, and an ATM-style numeric keypad. Our results show that PEEP can extract sensitive in-put with an accuracy significantly higher than a random guessing classifier. Com-pared to prior work on this subject, PEEP is highly surreptitious as it only requires passive monitoring of brain signals, not deliberate, and active strategies that may trigger suspicion and be detected by the user. Also, PEEP achieves orders of magnitude higher accuracies compared to prior active PIN inferring attacks. Our work serves to raise awareness to a potentially hard-to-address threat arising from EEG devices which may remain attached to the users almost invariably soon.
 

Threat Model

Threat Model

People

Faculty

  • Nitesh Saxena

Student

  • Ajaya Neupane (@UAB; PhD 2017)
  • Md Lutfor Rahman (MS student; currently doing PhD. at UCR)

Publication

  • Disease Detector: A Disease Inference Attack Using Brainwave Signals Associated with Body Postures
    Anuradha Mandal and Nitesh Saxena
    In the International Conference on Privacy, Security and Trust (PST), 2024.
  • SoK: Your Mind Tells a Lot About You: On the Privacy Leakage   via Brainwave Devices
    Anuradha Mandal and Nitesh Saxena
    In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2022
  • PEEP: Passively Eavesdropping Private Input via Brainwave Signals
    Ajaya Neupane, Md. Lutfor Rahman and Nitesh Saxena
    In Financial Cryptography and Data Security (FC), April 2017
    [pdf]

Media Coverage

  • Using Brainwaves to Guess Passwords, MIT Technology Review, May 5, 2017
  • Hackers can use brainwave signals to steal passwords, MSN, July 3 , 2017
  • Study finds hackers could use brainwaves to steal passwords, UAB, June 28, 2017
  • Hackers could soon tap into your brainwaves to guess your passwords, IBT Times, May 9, 2017
  • Hackers could monitor your BRAINWAVES to steal passwords, Daily Mail, June 30, 2017
  • Brainwave-Reading Headsets Could Help Hackers Guess Your Password, Popular Mechanics, May 5, 2017
  • How Your Brainwaves Can Be Used To Steal Passwords And Private Data, Fossbytes, May 6, 2017
  • How hackers can hijack brainwaves to capture your passwords, ZDNet, May 8, 2017
  • Brainwave-Reading Headsets Could Help Hackers Guess Your Passwords, Yahoo Tech, May 8 , 2017
  • Tu cerebro revelará contraseñas a los hackers, Media-Tics, May 16, 2017
  • Les pirates pourraient-ils détourner vos ondes cérébrales pour subtiliser vos mots de passe Une experience suggere que cela n est pas improbable, Developpez.com, May 8, 2017
  • Piratear el cerebro para robar contraseñas, Influencers (Comunicado de prensa) (blog), May 12, 2017
  • Los pensamientos también pueden ser pirateados, tendencias21 May 14, 2017
  • Estudio revela cómo se pueden descifrar contraseñas analizando ondas cerebrales, Por Jhoanell Angulo, May 9, 2017
  • Onde cerebrali, la nuova frontiera dell’hackeraggio, Linkiesta, May 17, 2017
  • Hoe hackers wachtwoorden kunnen stelen via hersengolven, DataNews, May 8, 2017
  • Hackers could soon tap into your brainwaves to guess your passwords, secnews24, May 9, 2017
  • Hackers could soon tap into your brainwaves to guess your passwords, Europe Breaking News, May 9, 2017
  • Beware! Hackers could use your brainwaves to guess your password, Ripples Nigeria, May 9, 2017
  • Malicious Software: University Study Unveils How Headsets Can Use Brainwaves To Steal Passwords, University Herald, May 6, 2017
  • A simple neyrointerfeys for “reading” of passwords in mind , Rusbase, May 5, 2017
  • PINs and passwords easy to hack, thanks to brainwave tech, Deccan Chronicle, July 1, 2017
  • CYBER CRIMINALS COULD MONITOR YOUR BRAINWAVES IN ORDER TO STEAL PASSWORDS, Live 24 News, July 1, 2017
  • Computer Scientists: Passwords Can be Acquired from Brain Waves, InfoSecurity Magazine, June 30, 2017
  • Brainwave Tech Could Make It Easier For Hackers To Steal Passwords, IFL Science, June 30, 2017
  • Research shows brainwaves may well betray passwords to hackers (VIDEO), ZDNet, July 7, 2017
  • Hackers can steal PINs, passwords from your brainwaves: Study,  Indian Express, June 30, 2017
  • Cybercriminals could soon be able to hack your BRAINWAVES to steal passwords and empty bank accounts, scientists warn, The Sun, June 30, 2017
  • Hackers Could Use Brainwaves To Make Educated Guesses On Passwords And PINs, Silicon, June 30, 2017
  • UAB study: hackers can use brainwave-sensing headsets to steal personal information, AL.com, June 30, 2017

Recent News

  • Paper accepted to ACM CCS 2025 July 2, 2025
  • News: Security and Accessibility Gaps in Web Authentication for Blind and Visually Impaired Users June 30, 2025
  • Paper accepted to ICME 2025 June 24, 2025
  • SPIES Lab’s Browser Fingerprinting Work in the News June 23, 2025
  • Journal paper accepted to IEEE TIFS June 19, 2025
  • SPIES Lab’s Browser Fingerprinting Work Features in News June 18, 2025
  • Paper Accepted to USENIX Security 2025 June 6, 2025
  • 2 Papers Accepted to PST 2025 June 6, 2025
  • AI Spies News — BPSniff (IEEE S&P 2025) Paper News Story May 12, 2025
  • Launching the AI Spies News Channel May 12, 2025
  • Paper accepted to WiSec 2025 May 11, 2025
  • SPIES Lab’s Secure Messaging Work Features in News May 3, 2025
  • SPIES Lab Student to Start as an Assistant Professor April 18, 2025
  • Dr. Saxena’s Primer on Secure Communications in News Media March 31, 2025
  • Dr. Saxena recognized with the Dean’s Excellence Award! February 14, 2025
  • Dr. Saxena appointed as the Senior Area Editor, IEEE TIFS February 6, 2025
  • 2 Full Papers Accepted to WWW 2025 January 20, 2025
  • Journal paper accepted to IEEE TMC December 18, 2024
  • New post-doctoral researcher joins the lab December 11, 2024
  • Paper Accepted to ACM Computing Surveys 2024 November 30, 2024

© 2016–2025 SPIES Lab, Computer Science and Engineering Log in

Texas A&M Engineering Experiment Station Logo
  • College of Engineering
  • Facebook
  • Twitter
  • State of Texas
  • Open Records
  • Risk, Fraud & Misconduct Hotline
  • Statewide Search
  • Site Links & Policies
  • Accommodations
  • Environmental Health, Safety & Security
  • Employment