Headline
CVE-2023-49914: Brain-Hack: Remotely Injecting False Brain-Waves with RF to Take Control of a Brain-Computer Interface | Proceedings of the 5th Workshop on CPS&IoT Security and Privacy
InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a “false” brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier, and alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal.
ABSTRACT
The promise of Brain-Computer Interfaces (BCIs) is counterbalanced by concerns about vulnerabilities. Recent studies have revealed that EEG-based BCIs are susceptible to security breaches. However, current attack approaches are challenging to execute in real-world settings because they need access to, at a minimum, the EEG data stream. In this work, we introduce an unexplored vulnerability of current EEG-based BCIs that consists of remotely injecting false brain-waves into the recording device. We do this by transmitting amplitude-modulated radio-frequency (RF) signals that are received by the physical structure of the EEG equipment. We demonstrate the versatility of our system by successfully attacking three different categories of EEG devices: research-grade (Neuroelectrics), open-source (OpenBCI), and consumer-grade (Muse). We test our attack system by taking control of three different BCIs: a virtual keyboard speller, a drone-control interface, and a neuro-feedback meditation interface. Our system was successful in each case, forcing the input of any desired character with the virtual keyboard, crashing the drone, and reporting false meditative states, respectively. To the best of our knowledge, this is the first time that an EEG device is remotely hacked at the physical layer. This work shows the risks that can arise from this type of attacks, which can not only be dangerous by seizing control of a BCI, but could also lead to severe misdiagnoses in clinical EEG tests.
Index Terms
- Brain-Hack: Remotely Injecting False Brain-Waves with RF to Take Control of a Brain-Computer Interface
A hybrid brain-computer interface for smart home control
HCII’11: Proceedings of the 14th international conference on Human-computer interaction: interaction techniques and environments - Volume Part II
Brain-computer interfaces (BCI) provide a new communication channel between the human brain and a computer without using any muscle activities. Applications of BCI systems comprise communication, restoration of movements or environmental control. Within …
Brain-Computer Interface using Directional Auditory Perception
AHs '23: Proceedings of the Augmented Humans International Conference 2023
We investigate the potential of brain-computer interface (BCI) using electroencephalogram (EEG) induced by listening (or recalling) auditory stimuli of different directions. In the initial attempt, we apply a time series classification model based on …