Could eye-tracking technology be exploited to gain access to passwords?

More than 80% of keystrokes by study participants wearing Apple Vision Pro headsets were guessed by researchers

New research by scientists from the University of Florida, Texas Tech University and the blockchain security company CertiK explores the potential for eye-tracking technology to be exploited to gain access to sensitive information.

In an experiment conducted by the researchers, 30 participants wore the Apple Vision Pro headset while completing a variety of typing tasks.

The virtual reality device incorporates gaze-controlled typing. Using gaze information, the scientists were able to correctly guess the keystrokes of participants more than 80% of the time.

“While the integration of gaze-controlled typing methods in Apple Vision Pro has significantly enhanced user interaction, it also introduces new security and privacy risks,” the authors emphasised.

They highlighted the risk that hackers could remotely extract gaze estimations and “steal sensitive keystroke information” across a range of typing tasks – including messages, passwords, emails and passcodes.

“Through experiments, we demonstrated how attackers could reverse engineer confidential keystrokes by analysing video recordings of eye movements during text entry,” the authors noted.

They added that Apple has implemented robust security measures to mitigate these security risks.

“Future efforts should also focus on improving security protocols to protect users in virtual reality/mixed reality environments,” the authors emphasised.