Apple Vision Pro's Eye Tracking Exposed What People Type

Researchers have developed a new attack, GAZEploit, that can decipher passwords and messages entered on Apple's Vision Pro headset by analyzing eye movements. The attack exploits exposed eye-tracking data to identify keystrokes based on gaze patterns and geometric calculations. The researchers successfully reconstructed passwords, PINs, and messages with high accuracy. GAZEploit is the first attack to exploit gaze data, highlighting the potential risks of biometric information exposure. The attack consists of identifying typing patterns and using geometric calculations to determine keyboard placement and size. The researchers used deep learning models to analyze gaze fixations and blinking patterns during typing. They were able to predict correct letters with 92.1% accuracy in messages and 77% accuracy in passwords, even without prior knowledge of typing habits or keyboard placement. The findings underscore the need for robust security measures to protect sensitive data from gaze-based attacks.