I Can See Your Brain: Investigating Home-Use Electroencephalography System Security

Health-related Internet of Things (IoT) devices are becoming more popular in recent years. On the one hand, users can access information of their health conditions more conveniently; on the other hand, they are exposed to new security risks. In this paper, we presented, to the best of our knowledge, the first in-depth security analysis on home-use electroencephalography (EEG) IoT devices. Our key contributions are twofold. First, we reverse-engineered the home-use EEG system framework via which we identified the design and implementation flaws. By exploiting these flaws, we developed two sets of novel easy-to-exploit PoC attacks, which consist of four remote attacks and one proximate attack. In a remote attack, an attacker can steal a user’s brain wave data through a carefully crafted program while in the proximate attack, the attacker can steal a victim’s brain wave data over-the-air without accessing the victim’s device on any sense when he is close to the victim. As a result, all the 156 brain–computer interface (BCI) apps in the NeuroSky App store are vulnerable to the proximate attack. We also discovered that all the 31 free apps in the NeuroSky App store are vulnerable to at least one remote attack. Second, we proposed a novel deep learning model of a joint recurrent convolutional neural network (RCNN) to infer a user’s activities based on the reduced-featured EEG data stolen from the home-use EEG IoT devices, and our evaluation over the real-world EEG data indicates that the inference accuracy of the proposed RCNN is can reach 70.55%.

[1]  Robert C. Qiu,et al.  Individual Recognition in Schizophrenia using Deep Learning Methods with Random Forest and Voting Classifiers: Insights from Resting State EEG Streams , 2017, ArXiv.

[2]  Niraj K. Jha,et al.  Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system , 2011, 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services.

[3]  Ivan Martinovic,et al.  Broken Hearted: How To Attack ECG Biometrics , 2017, NDSS.

[4]  Kyung-Sup Kwak,et al.  The Internet of Things for Health Care: A Comprehensive Survey , 2015, IEEE Access.

[5]  Adi Shamir,et al.  IoT Goes Nuclear: Creating a ZigBee Chain Reaction , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[6]  Lars Arendt-Nielsen,et al.  Dynamic changes and spatial correlation of EEG activities during cold pressor test in man , 2002, Brain Research Bulletin.

[7]  Aurélien Francillon,et al.  A Large-Scale Analysis of the Security of Embedded Firmwares , 2014, USENIX Security Symposium.

[8]  L. Aftanas,et al.  Human anterior and frontal midline theta and lower alpha reflect emotionally positive state and internalized attention: high-resolution EEG investigation of meditation , 2001, Neuroscience Letters.

[9]  Robert Lyda,et al.  Using Entropy Analysis to Find Encrypted and Packed Malware , 2007, IEEE Security & Privacy.

[10]  Lina Yao,et al.  Converting Your Thoughts to Texts: Enabling Brain Typing via Deep Feature Learning of EEG Signals , 2017, 2018 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[11]  Mirza Mansoor Baig,et al.  Smart Health Monitoring Systems: An Overview of Design and Modeling , 2013, Journal of Medical Systems.

[12]  Qiang Chen,et al.  A Health-IoT Platform Based on the Integration of Intelligent Packaging, Unobtrusive Bio-Sensor, and Intelligent Medicine Box , 2014, IEEE Transactions on Industrial Informatics.

[13]  Ivan Martinovic,et al.  When Your Fitness Tracker Betrays You: Quantifying the Predictability of Biometric Features Across Contexts , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[14]  Roberto Di Pietro,et al.  Smart health: A context-aware health paradigm within smart cities , 2014, IEEE Communications Magazine.

[15]  Zhiqiang Lin,et al.  IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing , 2018, NDSS.

[16]  Jimmy Ba,et al.  Adam: A Method for Stochastic Optimization , 2014, ICLR.

[17]  Jian Sun,et al.  Deep Residual Learning for Image Recognition , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[18]  Dawn Xiaodong Song,et al.  On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces , 2012, USENIX Security Symposium.

[19]  Arif KOYUN,et al.  Social Engineering Attacks , 2020 .

[20]  Danilo P. Mandic,et al.  Automatic Sleep Monitoring Using Ear-EEG , 2017, IEEE Journal of Translational Engineering in Health and Medicine.

[21]  A. Cichocki,et al.  Diagnosis of Alzheimer's disease from EEG signals: where are we standing? , 2010, Current Alzheimer research.

[22]  N. Birbaumer,et al.  BCI2000: a general-purpose brain-computer interface (BCI) system , 2004, IEEE Transactions on Biomedical Engineering.

[23]  James Philbin,et al.  FaceNet: A unified embedding for face recognition and clustering , 2015, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[24]  Klaus-Robert Müller,et al.  Explainable Artificial Intelligence: Understanding, Visualizing and Interpreting Deep Learning Models , 2017, ArXiv.

[25]  Christoph M. Michel,et al.  Epileptic source localization with high density EEG: how many electrodes are needed? , 2003, Clinical Neurophysiology.

[26]  K. Linkenkaer-Hansen,et al.  Long-Range Temporal Correlations and Scaling Behavior in Human Brain Oscillations , 2001, The Journal of Neuroscience.

[27]  Dick Hardt,et al.  The OAuth 2.0 Authorization Framework , 2012, RFC.

[28]  Jürgen Schmidhuber,et al.  Long Short-Term Memory , 1997, Neural Computation.

[29]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[30]  高橋 哲也,et al.  Changes in EEG and autonomic nervous activity during meditation and their association with personality traits , 2004 .

[31]  Patrick D. McDaniel,et al.  Sensitive Information Tracking in Commodity IoT , 2018, USENIX Security Symposium.