'Brainwave login' technology could be the key to beating hackers

A team at University of California in Berkeley is working on the potential breakthrough that uses memorised pass phrases for logins

Abu Dhabi, United Arab Emirates, March 28, 2019.   IDEAS Abu Dhabi Forum.--  (L-R)   Betsy Cooper – Director, Tech Policy Hub, Aspen Institute and Cassandra Kelly – EU Global Tech Panel; Co-Founder Pottinger, CChange.
Victor Besa/The National
Section:  NA
Reporter:  Dan Sanderson
Powered by automated translation

Human brainwaves could become the latest line of defence against cyber hackers – using technology that would allow internet users to log in to email or social media accounts using the power of their mind.

At Ideas Abu Dhabi on Thursday, the ease with which attackers could access confidential data was laid bare.

Even two-factor authentication, when an internet user is sent a code over text message for example to complete a log-in or transaction, can pose little difficulty to many hackers according to Kevin Mitnick, who spent five years in an American jail for computer crimes and is now an adviser on computer security.

However, a solution may lie in mobilising the brain, according to Betsy Cooper, policy director at the Aspen Institute, one of the organisers of the festival, and a cyber security expert.

Thinking of a specific 'password' phrase creates the same pattern of brainwaves in a person every time they do it, she said, which could then be analysed to unlock a phone or login to accounts.

There are three factors – the physical device in your ear, the phrase you have to think, and the third is the repeatable pattern of brainwaves

She said a team at the University of California in Berkeley, where she previously worked, are busy working on the technology, which although still in testing phases, is becoming closer to reality.

The global cost of criminal hacking was estimated to be $600 billion in 2017, or about 0.8 per cent of global GDP, meaning that potential breakthrough could bring huge economic benefit to governments, companies and individuals.

“You take a little device, it looks like an earbud you use for your iPhone, you stick it in your ear,” she said. “You create a pass phrase, a sentence, and if you think the same phrase, there is a repeatable set of brainwaves you can use.

“So there are three factors there – the first is the physical device in your ear, the second is the phrase you have to think, and the third is the repeatable pattern of brainwaves.

“So if I had ‘Mary had a little lamb’ as my passphrase, I can take that and it will only allow me to login if the actual waves match. If I think ‘three blind men’ I would get a different set of lines.”

In a session on cyber warfare and security, even fingerprints can be replicated with a high-definition photo and a 3D printer, it was claimed.

Ms Cooper said the ability to change the password phrase – and therefore the brainwave pattern acting as a password – is another benefit of using the brain to log in.

“The key point is changeability. With a lot of biometrics, your fingerprint, your gait, facial recognition, if someone is able to hack that pattern you’re done. The great thing about something like brainwaves is it’s changeable, so I think we need to focus on new methods of authentication.”

However, Mr Mitnik raised concerns, saying hackers may just be able to simply access and replicate the brain wave pattern to access systems.

“Usually attackers don’t go with the front door,” he said. “They find alternate routes. So what type of replay mitigation has been incorporated into the product? Could they just replay someone’s brain wave pattern?”

Other potential problems include consumption of substances such as caffeine or alcohol may alter brain waves, making it harder to log in as they can interfere with the pattern of waves produced.