"Today, a group of six computer scientists are revealing a new attack against Apple’s Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device’s virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes."
Fascinating stuff. This attack doesn't work with a normal laptop or device because we tend to look at the screen as we type instead of the keys. But on the Apple Vision Pro, your gaze is your pointer. By tracking what you're paying attention to, attackers can understand exactly what you're typing, including sensitive information.
Apple has patched the problem, presumably by making its virtual avatars just a little bit more dead in the eyes. But as more eye-based interfaces roll out, more exploits will surely be discovered. As we reveal more of ourselves in virtual space, more of our secrets become apparent, too.
[Link]
· Links · Share this post
I’m writing about the intersection of the internet, media, and society. Sign up to my newsletter to receive every post and a weekly digest of the most important stories from around the web.