Publication | Closed Access
I Can See Your Brain: Investigating Home-Use Electroencephalography System Security
Citations: 35 | References: 28 | Year: 2019
Mobile Security, Engineering, Brain Function, Information Security, Affective Neuroscience, Wearable Technology, IoT Security, Health-related Internet, Side-channel Attack, Electroencephalography, Social Sciences, Internet Of Things Security, Cognitive Electrophysiology, Internet Of Things, Hardware Security Solution, Cognitive Science, Neuroinformatics, Computer Engineering, Mobile Computing, Computer Science, Data Security, Cryptography, Neurophysiology, Remote Attack, Proximate Attack, EEG Signal Processing, Attack Model, Security, Neuroscience, Your Brain, Brain-computer Interface
Health-related Internet of Things (IoT) devices have become more popular in recent years. On the one hand, users can access information about their health conditions more conveniently; on the other hand, they are exposed to new security risks. In this paper, we present, to the best of our knowledge, the first in-depth security analysis of home-use electroencephalography (EEG) IoT devices. Our key contributions are twofold. First, we reverse-engineered the home-use EEG system framework, through which we identified design and implementation flaws. By exploiting these flaws, we developed two sets of novel, easy-to-exploit PoC attacks, which consist of four remote attacks and one proximate attack. In a remote attack, an attacker can steal a user's brain wave data through a carefully crafted program, while in the proximate attack, the attacker can steal a victim's brain wave data over the air, without accessing the victim's device in any sense, when he is close to the victim. As a result, all 156 brain-computer interface (BCI) apps in the NeuroSky App store are vulnerable to the proximate attack. We also discovered that all 31 free apps in the NeuroSky App store are vulnerable to at least one remote attack. Second, we proposed a novel deep learning model, a joint recurrent convolutional neural network (RCNN), to infer a user's activities based on the reduced-featured EEG data stolen from the home-use EEG IoT devices, and our evaluation over real-world EEG data indicates that the inference accuracy of the proposed RCNN can reach 70.55%.