A recently revealed security flaw in Apple’s Vision Pro mixed reality headset, now patched, could have allowed attackers to deduce data entered via the device’s virtual keyboard. Known as GAZEploit and identified as CVE-2024-40865, this vulnerability exploited gaze-controlled text entry, enabling attackers to infer eye-related biometrics from a user’s virtual avatar image to reconstruct the typed content, according to researchers from the University of Florida.
Apple fixed the vulnerability, which affected a component called Presence, in visionOS 1.3 released on July 29, 2024, after the issue was responsibly disclosed.
Apple recently acknowledged that the vulnerability allowed attackers to infer inputs on the Vision Pro’s virtual keyboard from the user’s virtual avatar, known as Persona. The company addressed the issue by suspending Persona while the virtual keyboard is in use.
Researchers discovered that by analyzing a virtual avatar’s eye movements, or “gaze,” it was possible to deduce what the user was typing, potentially compromising privacy. This flaw could let threat actors analyze virtual avatars shared in video calls, online meetings, or live streams to perform keystroke inference and extract sensitive data, like passwords.
The attack uses a supervised learning model, trained on Persona recordings, eye aspect ratio (EAR), and eye gaze estimation, to differentiate typing from other VR activities. The model then maps the estimated gaze directions on the virtual keyboard to specific keys, taking into account the keyboard’s position in virtual space. This approach enables attackers to reconstruct typed keys by remotely analyzing the virtual avatar’s video. The researchers noted that GAZEploit is the first known attack exploiting leaked gaze data to remotely infer keystrokes.