Name
Abstract | ||
|---|---|---|
New emerging devices open up immense opportunities for everyday users. At the same time, they may raise significant security and privacy threats. One such device, forming the central focus of this work, is an EEG headset, which allows a user to control her computer only using her thoughts. In this paper, we show how such a malicious EEG device or a malicious application having access to EEG signals recorded by the device can be turned into a new form of a keylogger, called PEEP, that passively eavesdrops over user's sensitive typed input, specifically numeric PINs and textual passwords, by analyzing the corresponding neural signals. PEEP works because user's input is correlated with user's innate visual processing as well as hand, eye, and head muscle movements, all of which are explicitly or implicitly captured by the EEG device. Our contributions are two-fold. First, we design and develop PEEP against a commodity EEG headset and a higher-end medical-scale EEG device based on machine learning techniques. Second, we conduct the comprehensive evaluation with multiple users to demonstrate the feasibility of PEEP for inferring PINs and passwords as they are typed on a physical keyboard, a virtual keyboard, and an ATM-style numeric keypad. Our results show that PEEP can extract sensitive input with an accuracy significantly higher than a random guessing classifier. Compared to prior work on this subject, PEEP is highly surreptitious as it only requires passive monitoring of brain signals, not deliberate, and active strategies that may trigger suspicion and be detected by the user. Also, PEEP achieves orders of magnitude higher accuracies compared to prior active PIN inferring attacks. Our work serves to raise awareness to a potentially hard-to-address threat arising from EEG devices which may remain attached to the users almost invariably soon. |
Year | DOI | Venue |
|---|---|---|
2017 | 10.1007/978-3-319-70972-7_12 | Lecture Notes in Computer Science |
Field | DocType | Volume |
Headset,Eavesdropping,Computer science,Computer security | Conference | 10322 |
ISSN | Citations | PageRank |
0302-9743 | 1 | 0.34 |
References | Authors | |
18 | 3 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Ajaya Neupane | 1 | 52 | 6.70 |
| Md. Lutfor Rahman | 2 | 9 | 0.84 |
| Nitesh Saxena | 3 | 1204 | 82.45 |