• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • Research Projects
  • Publications
  • People
  • Teaching
  • Media Outreach
  • News Archive

SPIES Lab, Computer Science and Engineering

Texas A&M University College of Engineering

PEEP

Passively Eavesdropping Private Input via Brainwave Signals

New emerging devices open up immense opportunities for everyday users. At the same time, they may raise significant security and privacy threats. One such device, forming the central focus of this work, is an EEG headset, which allows a user to control her computer only using her thoughts.
In this study, we show how such a malicious EEG device or a malicious application having access to EEG signals recorded by the device can be turned into a new form of a keylogger, called PEEP, that passively eavesdrops over user’s sensitive typed input, specifically numeric PINs and textual passwords, by analyzing the corresponding neural signals. PEEP works because user’s input is correlated with user’s innate visual processing as well as hand, eye, and head muscle movements, all of which are explicitly or implicitly captured by the EEG device.
Our contributions are two-fold. First, we design and develop PEEP against a commodity EEG headset and a higher-end medical-scale EEG device based on machine learning techniques. Second, we conduct the comprehensive evaluation with multiple users to demonstrate the feasibility of PEEP for inferring PINs and passwords as they are typed on a physical keyboard, a virtual keyboard, and an ATM-style numeric keypad. Our results show that PEEP can extract sensitive in-put with an accuracy significantly higher than a random guessing classifier. Com-pared to prior work on this subject, PEEP is highly surreptitious as it only requires passive monitoring of brain signals, not deliberate, and active strategies that may trigger suspicion and be detected by the user. Also, PEEP achieves orders of magnitude higher accuracies compared to prior active PIN inferring attacks. Our work serves to raise awareness to a potentially hard-to-address threat arising from EEG devices which may remain attached to the users almost invariably soon.
 

Threat Model

Threat Model

People

Faculty

  • Nitesh Saxena

Student

  • Ajaya Neupane (@UAB; PhD 2017)
  • Md Lutfor Rahman (MS student; currently doing PhD. at UCR)

Publication

  • SoK: Your Mind Tells a Lot About You: On the Privacy Leakage   via Brainwave Devices
    Anuradha Mandal and Nitesh Saxena
    In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2022
  • PEEP: Passively Eavesdropping Private Input via Brainwave Signals
    Ajaya Neupane, Md. Lutfor Rahman and Nitesh Saxena
    In Financial Cryptography and Data Security (FC), April 2017
    [pdf]

Media Coverage

  • Using Brainwaves to Guess Passwords, MIT Technology Review, May 5, 2017
  • Hackers can use brainwave signals to steal passwords, MSN, July 3 , 2017
  • Study finds hackers could use brainwaves to steal passwords, UAB, June 28, 2017
  • Hackers could soon tap into your brainwaves to guess your passwords, IBT Times, May 9, 2017
  • Hackers could monitor your BRAINWAVES to steal passwords, Daily Mail, June 30, 2017
  • Brainwave-Reading Headsets Could Help Hackers Guess Your Password, Popular Mechanics, May 5, 2017
  • How Your Brainwaves Can Be Used To Steal Passwords And Private Data, Fossbytes, May 6, 2017
  • How hackers can hijack brainwaves to capture your passwords, ZDNet, May 8, 2017
  • Brainwave-Reading Headsets Could Help Hackers Guess Your Passwords, Yahoo Tech, May 8 , 2017
  • Tu cerebro revelará contraseñas a los hackers, Media-Tics, May 16, 2017
  • Les pirates pourraient-ils détourner vos ondes cérébrales pour subtiliser vos mots de passe Une experience suggere que cela n est pas improbable, Developpez.com, May 8, 2017
  • Piratear el cerebro para robar contraseñas, Influencers (Comunicado de prensa) (blog), May 12, 2017
  • Los pensamientos también pueden ser pirateados, tendencias21 May 14, 2017
  • Estudio revela cómo se pueden descifrar contraseñas analizando ondas cerebrales, Por Jhoanell Angulo, May 9, 2017
  • Onde cerebrali, la nuova frontiera dell’hackeraggio, Linkiesta, May 17, 2017
  • Hoe hackers wachtwoorden kunnen stelen via hersengolven, DataNews, May 8, 2017
  • Hackers could soon tap into your brainwaves to guess your passwords, secnews24, May 9, 2017
  • Hackers could soon tap into your brainwaves to guess your passwords, Europe Breaking News, May 9, 2017
  • Beware! Hackers could use your brainwaves to guess your password, Ripples Nigeria, May 9, 2017
  • Malicious Software: University Study Unveils How Headsets Can Use Brainwaves To Steal Passwords, University Herald, May 6, 2017
  • A simple neyrointerfeys for “reading” of passwords in mind , Rusbase, May 5, 2017
  • PINs and passwords easy to hack, thanks to brainwave tech, Deccan Chronicle, July 1, 2017
  • CYBER CRIMINALS COULD MONITOR YOUR BRAINWAVES IN ORDER TO STEAL PASSWORDS, Live 24 News, July 1, 2017
  • Computer Scientists: Passwords Can be Acquired from Brain Waves, InfoSecurity Magazine, June 30, 2017
  • Brainwave Tech Could Make It Easier For Hackers To Steal Passwords, IFL Science, June 30, 2017
  • Research shows brainwaves may well betray passwords to hackers (VIDEO), ZDNet, July 7, 2017
  • Hackers can steal PINs, passwords from your brainwaves: Study,  Indian Express, June 30, 2017
  • Cybercriminals could soon be able to hack your BRAINWAVES to steal passwords and empty bank accounts, scientists warn, The Sun, June 30, 2017
  • Hackers Could Use Brainwaves To Make Educated Guesses On Passwords And PINs, Silicon, June 30, 2017
  • UAB study: hackers can use brainwave-sensing headsets to steal personal information, AL.com, June 30, 2017

Recent News

  • “Neuro Security” work got a MURI award from AFOSR March 22, 2023
  • Paper accepted to Oakland 2023 March 14, 2023
  • Paper (conditionally) accepted to MobiSys 2023 February 27, 2023
  • Paper accepted to USENIX Security 2023 February 21, 2023
  • 2 full papers accepted to WiSec 2023 January 30, 2023
  • Cybersecurity Program Led By Dr. Saxena Ranks Best! January 26, 2023
  • EarSpy in Media January 26, 2023
  • Dr. Saxena is a Co-PI on Thematic AI Lab November 28, 2022
  • Paper accepted to PMC 2022 November 28, 2022
  • Paper accepted to ICISC 2022 November 28, 2022
  • A New Grant from NSA October 17, 2022
  • Dr. Saxena appointed as a Dean’s Research Fellow October 17, 2022
  • Dr. Saxena to lead a new SaTC Medium project on Election Security July 16, 2022
  • SPIES Lab’s 12th PhD Graduate — Anuradha Mandal July 16, 2022
  • SPIES Lab’s 11th PhD Graduate – Payton Walker July 6, 2022
  • Two papers accepted to PST 2022 June 9, 2022
  • Paper accepted to ICDCS 2022 April 4, 2022
  • Paper accepted CHIL 2022 March 19, 2022
  • 2 papers accepted to WiSec 2022 March 19, 2022
  • Paper accepted to EuroS&P 2022 February 12, 2022

© 2016–2023 SPIES Lab, Computer Science and Engineering Log in

Texas A&M Engineering Experiment Station Logo
  • College of Engineering
  • Facebook
  • Twitter
  • State of Texas
  • Open Records
  • Risk, Fraud & Misconduct Hotline
  • Statewide Search
  • Site Links & Policies
  • Accommodations
  • Environmental Health, Safety & Security
  • Employment