
Vision Pro flaw allows attackers to analyse eye movements


Photo: Ringo Chiu / Shutterstock.com

A novel cyberattack dubbed ‘GAZEploit’ has emerged. It exploits vulnerabilities in gaze-controlled typing systems such as Apple Vision Pro to reconstruct text input by analysing eye movements. This attack exposes a new threat to users who interact with virtual avatars on platforms such as video calls, live streaming, and potentially malicious websites, raising concerns over privacy risks, including the potential theft of login credentials.

Apple has assigned CVE-2024-40865 to the GAZEploit vulnerability, reports Wired. Users are urged to install the latest visionOS software update to protect themselves from this flaw.

The GAZEploit attack targets the eye-related biometrics gathered from avatar video feeds, including eye aspect ratio (EAR) and gaze direction estimation. Using these biometrics, attackers can remotely infer what users type on virtual keyboards, such as login credentials or other sensitive information.

According to the researchers, this is the first known attack to exploit gaze data to perform keystroke inference remotely, making it a significant breakthrough in gaze-based vulnerabilities.

“The GAZEploit attack leverages the vulnerability inherent in gaze-controlled text entry when users share a virtual avatar. Virtual avatars, whether shared through video calls, online meeting apps, live streaming platforms, or potentially malicious websites, pose a significant privacy risk by potentially exposing user information such as login credentials,” explained researchers.

GAZEploit attack explained. | Source: GAZEploit

The GAZEploit system employs advanced machine learning algorithms to distinguish typing from common computer-based activities such as video streaming or playing games.

When users are engaged in typing, their eye movements display a characteristic concentrated and recurring pattern, accompanied by a noticeable reduction in blinking frequency.

“We use the gaze estimation points in these high stability region as click candidates. Evaluation on our dataset shows precision and recall rate of 85.9% and 96.8% on identifying keystrokes within typing sessions,” researchers said.

The research team developed a sophisticated recurrent neural network (RNN) model featuring 128 hidden layers and utilised a cross-entropy loss function for training. This approach resulted in a remarkably high accuracy rate of 98.1% in detecting typing sessions.

Individual keystrokes. | Source: GAZEploit

One key element of GAZEploit’s success is its ability to detect individual keystrokes by analysing the natural saccades (rapid gaze shifts between objects) and fixations (steady gaze on a specific object) that occur during gaze-controlled typing. By identifying the stable points in the user’s gaze, the attack can pinpoint the keys being targeted with high precision.

The next challenge for the attackers was determining the virtual keyboard’s precise location in the digital environment. GAZEploit uses statistical analysis of eye movements to estimate where the virtual keyboard is positioned, leveraging keystrokes on boundary keys such as Q, P, and the spacebar to define its size and layout. This allows for accurately mapping the user’s gaze to specific keys, achieving 100% top-5 character prediction accuracy during tests.

Researchers tested 30 participants from various races, genders and ages. The attack proved successful across multiple scenarios, including message input, password typing, email or URL entry, and passcode input.


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
