The Apple Vision Pro has a worrying security flaw — hackers could easily guess passwords based on eye movements
The attack has been dubbed ‘GAZEploit’
A group of researchers have identified a security flaw in Apple’s Vision Pro mixed reality headset which let them reconstruct users’ passwords, PINs and messages.
In the attack, dubbed ‘GAZEploit’, the researchers used eye-tracking data to decode what users typed with their eyes on the virtual keyboard.
Since the avatars are visible to other users, the researchers did not have to hack into anything or gain access to the user’s headset; they just had to study the eye movements of their avatar. The avatars can use the virtual keyboard to log into Slack, Teams, Twitter, and more.
All patched up
The researchers were able to predict keyboard placement with impressive accuracy and to deduce the correct letters typed within a maximum of five guesses: with over 90% accuracy in messages, 77% of the time for passwords, and 73% of the time for PINs.
The vulnerability was discovered in April, and Apple issued a patch to fix the issue in July. With the patch, the avatar will no longer be displayed when the virtual keyboard is being used. The attack is said to be the first of its kind, and exposes how biometric data can be used to surveil users, the researchers confirmed:
“These technologies … can inadvertently expose critical facial biometrics, including eye-tracking data, through video calls where the user’s virtual avatar mirrors their eye movements.”
Wearable technology has ushered in a new set of privacy concerns for users, with more information captured and stored in people’s day-to-day lives. Health data, locations and biometric information could all be used against users if they fell into the wrong hands.
Via Wired
Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.