Researchers find Apple Vision Pro’s eye tracking exposed what users type
Apple’s virtual keyboard in visionOS
A group of computer scientists has discovered a new security vulnerability in Apple’s Vision Pro mixed reality headset. By exploiting the device’s eye-tracking technology, they were able to decipher sensitive information such as passwords, PINs, and typed messages. This, of course, raises concerns about the potential for privacy breaches and unauthorized access to personal data.
The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes.
“Based on the direction of the eye movement, the hacker can determine which key the victim is now typing,” says Hanqiu Wang, one of the leading researchers involved in the work. They identified the correct letters people typed in passwords 77 percent of the time within five guesses and 92 percent of the time in messages.
To be clear, the researchers did not gain access to Apple’s headset to see what users were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime.
The researchers alerted Apple to the vulnerability in April, and the company issued a patch to stop the potential for data to leak at the end of July.
The post Researchers find Apple Vision Pro’s eye tracking exposed what users type appeared first on MacDailyNews.