Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Neuroscience Explains Why We’re So Hackable

$
0
0

Neuroscience Explains Why We’re So Hackable
MRI brain scans reveal the way we perceive, or simply ignore, security warnings.

Companies spend nearly $100 billion on securing computers each year, yet incidents such as ransomware crippling hospitals and personal data leaking online remain common. Anthony Vance thinks that defensive measures could be more effective if we paid more attention to the hardware between our ears.

Recommended for You

Reached Via a Mind-Reading Device, Deeply Paralyzed Patients Say They Want to Live

The Trillion Internet Observations Showing How Global Sleep Patterns Are Changing

What Happens If Net Neutrality Goes Away?

Two Infants Treated with Universal Immune Cells Have Their Cancer Vanish

Tesla Just Added a Huge Stack of Batteries to the California Power Grid

Recommended for You

Reached Via a Mind-Reading Device, Deeply Paralyzed Patients Say They Want to Live

The Trillion Internet Observations Showing How Global Sleep Patterns Are Changing

What Happens If Net Neutrality Goes Away?

Two Infants Treated with Universal Immune Cells Have Their Cancer Vanish

Tesla Just Added a Huge Stack of Batteries to the California Power Grid

“Security professionals need to worry not only about attackers but the neurobiology of their users,” said Vance, an associate professor at Brigham Young University, this week at the Enigma security conference in Oakland, California. His lab uses functional MRI scans of people’s brains to reveal the unconscious mechanisms behind the way they perceive―or ignore―security warnings.

One of Vance’s studies led him to collaborate with Google on tests of a new approach to displaying security warnings in the Chrome Web browser that people were less likely to dismiss offhand.Vance says Google's engineers told him they plan to add the featureto an upcoming version of Chrome. Google did not respond to a request for confirmation of when it would be added.

Daniela Olivera , an associate professor at the University of Florida, says such studies suggest a novel way to refine the usability of security tools and features―an area many researchers say the industry has tended to overlook. Incidents ranging from common malware infections to high-profile breaches like the DNC one that exposed John Podesta’s e-mails often involve a person making a hasty decision about a warning message or strange e-mail.

Multitasking is partly to blame. Vance’s collaboration with Google grew out of experiments that showed that people were three times less likely to correctly interpret a message when they reacted to security warnings while also performing another task.

Vance’s lab teamed up with Google to test a version of Chrome modified to deliver warnings about a person’s computer possibly being infected by malware or adware only when they weren’t deeply engaged in something. For example, it would wait until someone finished watching a video, or was waiting for a file to download or upload, to pop up the message.


Neuroscience Explains Why We’re So Hackable
Neuroscience Explains Why We’re So Hackable
Brain scans reveal that we’re far more likely to ignore security warnings when we’re engaged in another task.

Testing showed that people using the interruption-sensitive version of Chrome ignored the message only about a third of the time, compared to about 80 percent of the time without it.

Other studies in Vance’s lab have shown that people very rapidly become habituated to security warnings―he’s shown how the brain’s response to a message drops significantly even on just the second time someone sees it.

The researchers also did follow-up experiments in which people were asked to download mobile apps that asked for alarming permissions (for example, “Can delete your photos”). By breaking the usual rules of software design and having the security-related messages change in appearance slightly each time―for example, with different colors―it was possible to reduce the habituation effect.

“This shows the potential to use neuroscience to understand people’s behavior and validate new user interface designs,” said Vance. “Our security UI should be designed to be compatible with the way our brains work.”


Viewing all articles
Browse latest Browse all 12749

Trending Articles