Hackers are reportedly exploiting Apple Vision Pro’s eye-tracking technology to steal sensitive data, using a vulnerability named GAZEploit. Researchers from the University of Florida, CertiK Skyfall Team, and Texas Tech University identified this flaw, which poses a privacy risk during Apple Vision Pro FaceTime calls.
GAZEploit targets the virtual keyboard, analyzing eye movements to predict what users are typing. In virtual reality, the Apple Vision Pro tracks eye movements as users select keys on a virtual keyboard. Hackers can detect typing by observing patterns such as reduced blinking and rapid eye movements (saccades). Using machine learning models, they can achieve up to 85.9% accuracy in predicting individual keystrokes and 98% accuracy in identifying typing sessions.
This vulnerability allows attackers to remotely monitor and capture sensitive information, such as passwords or messages, during virtual meetings or video calls, without the user’s knowledge.
To protect against such attacks, users should avoid typing sensitive information in VR environments and use physical keyboards instead. Keeping software up to date and adjusting privacy settings to limit eye-tracking features can also help safeguard against potential threats.