Hackers can steal keystrokes from Apple Vision Pro with GAZEploit

September 15, 2024


TLDR: New GAZEploit Attack Lets Hackers Capture Keystrokes from Apple Vision Pro

  • A vulnerability known as GAZEploit allows hackers to capture keystrokes typed on Apple Vision Pro's virtual keyboard by analyzing the eye movements of the user's virtual avatar, which other people can see during calls.
  • The attack works from two biometric signals rendered on the avatar, the eye aspect ratio and the estimated gaze direction, first to detect that the user is typing and then to infer which keys are being looked at.

A novel security vulnerability dubbed "GAZEploit" has been disclosed that could allow hackers to capture keystrokes from Apple Vision Pro's virtual keyboard. The attack exploits the eye-tracking technology behind gaze-based typing on Apple's mixed-reality headset. Researchers from the University of Florida, CertiK Skyfall Team, and Texas Tech University developed GAZEploit, which analyzes the eye movements of a user's virtual avatar (Apple's Persona) to infer what is being typed. The attacker does not need access to the headset's raw eye-tracking data: it is enough to record the avatar's eyes during a FaceTime call or any other setting in which the avatar is shown to other people, because the avatar mirrors the wearer's real gaze, and gaze typing means the wearer looks at each key before selecting it.

The researchers trained a machine learning model on data from 30 participants and achieved 98% accuracy in identifying typing sessions. For predicting individual keystrokes, they reported 85.9% precision and 96.8% recall. Apple addressed the issue in visionOS 1.3, released in July 2024, by suspending the Persona while the virtual keyboard is active, so the avatar no longer reveals gaze during typing; devices that have not been updated remain exposed. The researchers recommend that, where possible, users avoid entering passwords or other sensitive information with gaze-based input in VR while their avatar is visible to others, since the same approach would apply to any headset that shares tracked eye movements.
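To make the inference step concrete, the following is an added example and not the researchers' code or any Apple component. It is a simplified, rule-based stand-in for the trained model described above: a gaze trace as it could be recovered from the avatar is filtered with the eye aspect ratio (EAR) to discard blinks, grouped into fixations, and each fixation is mapped onto a cell of an assumed QWERTY layout. The keyboard geometry, the thresholds, the `GazeSample` structure and the `build_trace` helper that produces the sample data are all constructed for illustration; the real attack learns the session detector and the key mapping from recorded avatar data.

```python
"""
Added example (not the GAZEploit researchers' code): rule-based reconstruction of
the gaze-to-keystroke inference. Layout, thresholds and sample trace are all
constructed assumptions for illustration.
"""
import math
from dataclasses import dataclass

# Assumed keyboard geometry in normalised gaze coordinates (0..1, y grows downwards).
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEYBOARD_TOP, KEYBOARD_BOTTOM = 0.55, 0.95          # keyboard sits in the lower view
ROW_HEIGHT = (KEYBOARD_BOTTOM - KEYBOARD_TOP) / len(KEY_ROWS)
KEY_WIDTH = 1.0 / len(KEY_ROWS[0])                  # shorter rows are centred

EAR_BLINK = 0.2          # EAR below this: eyelid closed, sample carries no gaze
FIX_DISPERSION = 0.03    # max x/y spread of one fixation (dispersion-threshold rule)
FIX_MIN_SAMPLES = 4      # shortest run of samples that counts as a fixation


@dataclass
class GazeSample:
    t: float     # seconds
    x: float     # estimated gaze direction, horizontal
    y: float     # estimated gaze direction, vertical
    ear: float   # eye aspect ratio: height of the eye opening over its width


def _row_offset(row: int) -> float:
    return (1.0 - KEY_WIDTH * len(KEY_ROWS[row])) / 2


def key_at(x: float, y: float):
    """Key whose cell contains the gaze point, or None if the point is off the keyboard."""
    if not (KEYBOARD_TOP <= y < KEYBOARD_BOTTOM):
        return None
    row = min(int((y - KEYBOARD_TOP) / ROW_HEIGHT), len(KEY_ROWS) - 1)
    keys = KEY_ROWS[row]
    col = math.floor((x - _row_offset(row)) / KEY_WIDTH)
    return keys[col] if 0 <= col < len(keys) else None


def key_center(ch: str):
    """Centre of a key's cell on the assumed layout (used to build the constructed trace)."""
    for row, keys in enumerate(KEY_ROWS):
        if ch in keys:
            x = _row_offset(row) + (keys.index(ch) + 0.5) * KEY_WIDTH
            y = KEYBOARD_TOP + (row + 0.5) * ROW_HEIGHT
            return x, y
    raise ValueError(f"{ch!r} is not on the assumed layout")


def _centroid(window):
    n = len(window)
    return sum(s.x for s in window) / n, sum(s.y for s in window) / n


def detect_fixations(samples):
    """Dispersion-threshold fixation detection (I-DT); a blink ends the current run."""
    fixations, window = [], []

    def flush():
        if len(window) >= FIX_MIN_SAMPLES:
            fixations.append(_centroid(window))
        window.clear()

    for s in samples:
        if s.ear < EAR_BLINK:            # eyelid closed: no usable gaze estimate
            flush()
            continue
        window.append(s)
        xs = [p.x for p in window]
        ys = [p.y for p in window]
        if max(xs) - min(xs) > FIX_DISPERSION or max(ys) - min(ys) > FIX_DISPERSION:
            window.pop()                 # this sample starts the next run
            flush()
            window.append(s)
    flush()
    return fixations


def infer_keystrokes(samples) -> str:
    """Map every on-keyboard fixation to a key; fixations elsewhere are ignored."""
    keys = (key_at(x, y) for x, y in detect_fixations(samples))
    return "".join(k for k in keys if k is not None)


def is_typing_session(samples, min_fraction: float = 0.6) -> bool:
    """Stand-in for the session classifier: typing if most fixations land on keys."""
    fixations = detect_fixations(samples)
    if not fixations:
        return False
    on_keys = sum(key_at(x, y) is not None for x, y in fixations)
    return on_keys / len(fixations) >= min_fraction


# Constructed trace: the victim first looks at the call window (off the keyboard),
# then gaze-types the given text at 30 Hz, blinking once after the third target.
_JITTER = [(-0.005, 0.004), (0.006, -0.003), (0.0, 0.005),
           (-0.004, -0.005), (0.005, 0.002), (0.002, -0.004)]


def build_trace(text: str, blink_after: int = 3, rate_hz: float = 30.0):
    samples, t = [], 0.0
    targets = [(0.5, 0.2)] + [key_center(ch) for ch in text]
    for i, (cx, cy) in enumerate(targets):
        for dx, dy in _JITTER:
            samples.append(GazeSample(t, cx + dx, cy + dy, 0.32))
            t += 1.0 / rate_hz
        if i == blink_after:
            samples.append(GazeSample(t, cx, cy, 0.05))   # blink: EAR collapses
            t += 1.0 / rate_hz
    return samples


if __name__ == "__main__":
    trace = build_trace("secret")
    print("typing session:", is_typing_session(trace))
    print("recovered:", infer_keystrokes(trace))
```

Two details matter for the practitioner. The EAR filter is what makes the avatar signal usable at all: while the eyelid is closed the gaze estimate is meaningless, so those frames must end a fixation rather than be averaged into it. And the classifier is only a ratio of on-keyboard fixations, which is why Apple's fix of hiding the Persona while the keyboard is up removes the input to both steps at once, whereas a layout change alone would only require the attacker to re-learn the key mapping.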

The GAZEploit research highlights the need for robust privacy safeguards as VR technology becomes more prevalent. While Apple has addressed this specific vulnerability, it is a reminder that any system which renders a user's tracked biometrics (gaze, face, hands) to other parties turns those signals into a side channel, and that VR/AR platforms relying on such data will keep facing this class of privacy problem.

