
Honor | CertiK is recognized by Apple for the 6th time for discovering a vulnerability in Apple Vision Pro eye tracking technology

CertiK
09-20

On September 20, 2024, CertiK, a leading Web3.0 security agency, announced that CertiK engineers had been recognized by Apple for discovering critical vulnerabilities in the Apple Vision Pro MR (mixed reality) headset. This is the sixth time Apple has publicly thanked CertiK, which remains the Web3.0 security agency Apple has publicly thanked most often.

(Source: https://support.apple.com/en-us/120915)

The issue, discovered by engineers at CertiK in collaboration with five other computer scientists, shows how eye-tracking data from Apple Vision Pro could be used to infer sensitive information such as passwords, PINs, and messages.

In this study, the research team disclosed the attack method, called "GAZEploit", exclusively to WIRED magazine. The researchers analyzed the user's eye movement trajectory using two biometric features extracted from Vision Pro recordings, eye aspect ratio (EAR) and eye movement estimation, and from these reconstructed what the user typed on the Vision Pro virtual keyboard. By observing these patterns, the team reconstructed messages with 92% accuracy and inferred passwords with 77% accuracy.

The vulnerability was initially reported to Apple in April 2024, and Apple released a software update to fix the issue in July of the same year. This research demonstrates the growing privacy risks associated with emerging biometric technologies and highlights the need for strong security measures to protect the privacy of enterprises and users.

As an authority in the field of cybersecurity, CertiK has always been at the forefront of protecting critical technologies and sensitive data. Since 2020, CertiK has conducted more than 70 white hat operations, reported more than 4,000 security incidents, discovered more than 115,000 code vulnerabilities, and protected more than $360 billion in digital assets from potential losses. It also received Sui's highest vulnerability bounty to date for discovering critical vulnerabilities. By cultivating a culture of trust and innovation, CertiK aims to set a new benchmark for cybersecurity and to continuously optimize its products and services to meet the security needs of its customers.
