Researchers have disclosed an attack that breaches the confidentiality of sensitive information entered by users of Apple's Vision Pro headset.
The attack, dubbed GAZEploit, infers typed text from the eye-movement patterns of the headset's wearer, which are reconstructed from the user's virtual avatar because the avatar mirrors those eye movements.
Text in visionOS is entered on a virtual keyboard, and eye tracking determines which key the user is looking at when a key is selected.
Using the biometric data produced by Vision Pro's precise eye-tracking sensors, the researchers determine where the user's eyes move, which lets them reconstruct the characters entered on the keyboard.
visionOS has three virtual keyboards, passcode, QWERTY, and number & special characters, so the attack also has to distinguish which keyboard is in use.
A neural network first identifies text-input sessions and then applies scenario-specific techniques to better interpret where the user's gaze was directed.
At maximum precision, only a third of entered characters are correctly identified.
The attack can dramatically reduce the number of attempts needed to brute-force a password and puts high-profile individuals at risk of targeted attacks.
The vulnerability was patched in the latest versions of visionOS, but users are advised to exercise caution when entering passwords during video calls and to use a password manager to create and store them.