Slashdot: Apple Vision Pro’s Eye Tracking Exposed What People Type

Source URL: https://yro.slashdot.org/story/24/09/13/2057213/apple-vision-pros-eye-tracking-exposed-what-people-type?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot

**Summary:**
The text discusses a new attack, named GAZEploit, which exploits eye-tracking data from Apple’s Vision Pro mixed reality headset to reconstruct sensitive information like passwords and messages. This demonstrates significant vulnerabilities in biometric data security and raises important implications for privacy and surveillance in emerging technologies.

**Detailed Description:**
The recent research conducted by a team of computer scientists has yielded alarming results regarding the security of biometric data used in the Apple Vision Pro mixed reality headset. The researchers have successfully demonstrated an attack method that utilizes eye-tracking data to ascertain what a user types on the device’s virtual keyboard, achieving high accuracy levels. The key points of the study and its implications are as follows:

– **GAZEploit Attack Overview:**
  – The technique is named GAZEploit, and it allows the reconstruction of typed passwords, PINs, and messages by analyzing users’ eye movements.
  – The researchers could correctly identify the letters typed in passwords 77% of the time within five guesses, and achieved 92% accuracy for messages.

– **Methodology:**
  – The attack does not involve direct access to the headset or what is displayed on the device.
  – It relies on creating a virtual representation of the user, through which eye movement is tracked remotely.
  – The researchers employed a recurrent neural network, a type of deep learning model, to analyze eye movement patterns associated with typing.

– **Eye Movement Patterns:**
  – While typing, individuals exhibit specific gaze patterns that are distinct from when they are browsing or watching media.
  – The frequency of blinking decreases significantly during typing tasks, which can serve as an indicator of activity.

– **Geometric Calculations:**
  – The attack also incorporates geometric calculations to estimate keyboard positioning and size, allowing predictions of keystrokes based on gaze information.

– **Results of the Study:**
  – In controlled lab tests, the researchers achieved the following prediction accuracies:
    – 92.1% for messages
    – 77% for passwords
    – 73% for PINs
    – 86.1% for emails, URLs, and web pages.
  – The first guess yielded correct letters between 35% and 59% of the time, depending on the type of information being typed.

– **Significance:**
  – This research unveils critical issues surrounding the security and privacy implications of biometric data, especially in the context of mixed reality and related technologies.
  – It highlights the potential for biometric systems to inadvertently expose highly sensitive information, raising concerns about the integration of such technologies in everyday life and the surveillance industry.

– **Response from Apple:**
  – Apple was notified of this vulnerability, and subsequently, a patch was issued at the end of July to minimize the risk of data leakage.

This research not only sheds light on the vulnerabilities inherent in eye-tracking technologies but also poses broader questions about privacy, surveillance, and the ongoing need for robust security measures in AI and biometric data handling. Security professionals must consider the implications of such threats on the design and deployment of future mixed reality systems.