People are not aware that some of the devices sold in the market can sense brainwaves to steal passwords and other important data. This was the subject of a recent study conducted at the University of Alabama at Birmingham.

According to Nitesh Saxena, devices available today need to improve their security because malicious software can use these brain interfaces to help steal personal data and passwords. Furthermore, the more advanced devices that would make their way into people's lives in the future has a much higher risk.

One example of this is the high-end headset, Epoc+, made by Emotiv and marketed as a brain-sensing headset which can detect the emotions, such as anger, frustration, or sadness. Emotiv also said that it can be used to control robots using the thoughts.

Though the description sounds cool and out-of-this-world, Epoc+ can also reveal the person's personal information without their knowledge to cyber-criminals. Epoc+ is not an ordinary headset - it has electrodes that can detect voltage changes that occur in the outer layer of the brain, which is similar to EEG. It is used in research and medicine, such as diagnosing concussions. They are also sold commercially as a headset.

The interfaces of EEG might seem crude but the University of Alabama research proved that they can reveal personal information. They tested whether a person wearing the headset could feed information to malicious software using brainwaves.

They asked participants to enter random passwords and PINs while wearing the headset so that the software can learn the link between their brainwaves and what they were typing. The algorithm was able to guess after the person typed 200 characters and observing the EEG data.

The algorithm might not be perfect but Saxena said it shortens the guessing time of a four-digit password from 1:10,000 to 1:20.