Details have emerged about a now-fixed security flaw affecting Apple’s Vision Pro mixed reality headsets that could allow a malicious attacker to infer data typed into the device’s virtual keyboard.
This attack: GAZE Prototypehas been assigned the CVE identifier CVE-2024-40865.
“This new attack allows for the inference of eye biometric information from avatar images and the reconstruction of text entered using gaze-controlled typing,” said a group of researchers from the University of Florida.
“The GAZEploit attack exploits a vulnerability inherent in gaze-controlled text input when users share their virtual avatars.”
Following responsible disclosure, Apple addressed the issue in visionOS 1.3, released on July 29, 2024. The company explained that the vulnerability affects a component called Presence.
“Input into the virtual keyboard may be inferred from Persona,” the company said in a security advisory, adding that it had addressed the issue by “suspending Persona when the virtual keyboard is active.”
Put simply, the researchers discovered that by analyzing the eye movements (or “gaze”) of a virtual avatar, they could determine what the headset-wearing user was typing on a virtual keyboard, essentially violating their privacy.
As a result, threat actors may be able to analyze virtual avatars shared over video calls, online conferencing apps, or live streaming platforms and perform remote keystroke guessing, which can then be exploited to extract sensitive information such as passwords.
The attack is carried out by a supervised learning model trained on persona recordings, eye aspect ratio (EAR) and gaze estimation to distinguish between typing sessions and other VR-related activities, such as watching movies or playing games.
In a next step, the gaze estimation direction on the virtual keyboard is mapped to specific keys and potential keystrokes are determined in a way that also takes into account the position of the keyboard in the virtual space.
“By remotely capturing and analyzing video of a virtual avatar, an attacker can reconstruct keystrokes,” the researchers said. “Notably, the GAZEploit attack is the first known attack in the field that leverages leaked gaze information to perform remote keystroke guessing.”
