October 7, 2016
Keep your thoughts to yourself if you don’t want to get hacked. That’s the message from Abdul Serwadda, assistant professor at Texas Tech University, who has conducted research into using brain waves as a method of authentication. Unlocking your phone using only your mind may sound cooler than scanning your fingerprint or scanning your iris, but anyone who gets hold of that data could learn about your detailed medical history that you may want to keep private.
“Authentication using brain waves probably has a long way to go,” Serwadda told Digital Trends in an interview published Thursday. “However, there are other applications of brain waves which would face the same threats.”
Although nowhere near ready for prime time, scientists have been exploring brainwave authentication for a while. Here is a prototype, dating back to 2012, that students at Aalborg University Copenhagen created that granted access to a smartphone by comparing to the waves on file:
Biometric authentication, measuring a user’s body to determine whether to grant access, has its pros and cons. There are no passwords to remember, but if the information ever escapes, it’s normally impossible to change. Changing a fingerprint isn’t exactly the same as remembering a secret question, and unfortunately brain waves suffer from similar issues. Serwadda warned that waves can reveal medical details like current drug use, emotional state, or any ongoing conditions.
“You don’t even have to go to hackers to find who will abuse this,” Serwadda said. “The app developer who posts a brain measuring app on the market is the first guy who might abuse this.”
Using brain waves to identify users would solve a lot of issues around authentication. Listening out for the mind’s distinctive waves could mean as soon as the signal is no longer detected, the device locks. But if it’s a choice between broadcasting personal data and taking a few seconds to scan a fingerprint, it might not be too surprising that brainwave scanning hasn’t taken off yet.