Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

The Apple Vision Pro has a worrying security flaw — hackers could easily guess passwords based on eye movements

Happy young woman using a virtual reality headset.

A group of researchers have identified a security flaw in Apple’s Vision Pro mixed reality headset which let them reconstruct user’s passwords, PINs and messages.

Dubbed ‘GAZEploit’, the researchers used eye-tracking data to allow them to decode what users typed using their eyes with the virtual keyboard.

Since the avatars are visible to other users, the researchers did not have to hack into anything, or to gain access to the user’s headset, they just had to study the eye movements of their avatar. The avatars can use the virtual keyboard to log into Slack, Teams, Twitter, and more.

All patched up

The researchers were able to predict keyboard placement with impressive accuracy, able to deduce the correct letters typed within a maximum of five guesses with over 90% accuracy in messages, 77% of the time for passwords, and 73% of the time for PINs.

The vulnerability was discovered in April, and Apple issued a patch to fix the issue in July, and the avatar will no longer be displayed when the virtual keyboard is being used. It is said to be the first of its kind, and exposes how biometric data can be used to surveil users, the researchers confirmed,

“These technologies … can inadvertently expose critical facial biometrics, including eye-tracking data, through video calls where the user’s virtual avatar mirrors their eye movements,”

Wearable technology has ushered in a new set of privacy concerns for users, with more information captured and stored in people’s day to day lives. Health data, locations, biometric information, could all be used against users if it fell into the wrong hands.

Via Wired

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.