Brain Waves Surfing - (In)Security in EEG (Electroencephalography) Technologies

Presented at BruCON 0x07 (2015), Oct. 8, 2015, 7:30 p.m. (60 minutes)

“Electroencephalography (EEG) is a non-invasive method for the recording and the study of electrical activity of the brain taken from the scalp. The source of these brain signals is mostly the synaptic activity between brain cells (neurons). EEG activity is represented by different waveforms per second (frequencies) that can be used to diagnose or monitor different health conditions such as epilepsy, sleeping disorders, seizures, Alzheimer disease, among other clinical uses. On the other hand, brain signals are used for many other research and entertainment purposes, such as neurofeedback, arts and neurogaming. Nowadays, this technology is being adopted more and more in different industries. A brief introduction of BCIs (Brain-Computer Interfaces) and EEG will be given in order to understand the risks involved in our brain signals processing, storage and transmission. Live demos include the sniffing of brain signals over TCP/IP, MITM attacks to change data on the fly, DoS attacks to shut down EEG servers as well as flaws in well-known EEG applications when dealing with corrupted EDF (file format) samples. These demos are a first approach to demonstrate that many EEG technologies are prone to common network and application attacks. Finally, best practices and regulatory compliance on digital EEG will be discussed.”

Presenters:

  • Alejandro Hernández as Alejandro Hernandez
    “Consultant with passion for different topics in security such as penetration testing, OSINT and fuzzing. Currently working for the security firm IOActive, where he has had the chance to work for different Fortune 500 companies in different countries such as Mexico, USA, UK, South Korea, Netherlands and South Africa. Co-author of DotDotPwn, a Directory Traversal fuzzer presented at BlackHat USA Arsenal 2011 and Melkor, an ELF file format fuzzer presented in Arsenal in 2014.”
