Conversation

Notices

  1. Lukasz Olejnik (lukaszolejnik@mastodon.social)'s status on Sunday, 12-Jan-2025 17:35:07 JST

    Stealing passwords and PINs entered by Apple Vision Pro users. As you can see, you never know when a lecture on double integrals over surfaces might come in handy. https://arxiv.org/abs/2409.08122


    Attachments


    1. https://files.mastodon.social/media_attachments/files/113/147/260/675/836/924/original/81e254b9a84e60e8.png
    2. arxiv.org
      GAZEploit: Remote Keystroke Inference Attack by Gaze Estimation from Avatar Views in VR/MR Devices
      The advent and growing popularity of Virtual Reality (VR) and Mixed Reality (MR) solutions have revolutionized the way we interact with digital platforms. The cutting-edge gaze-controlled typing methods, now prevalent in high-end models of these devices, e.g., Apple Vision Pro, have not only improved user experience but also mitigated traditional keystroke inference attacks that relied on hand gestures, head movements and acoustic side-channels. However, this advancement has paradoxically given birth to a new, potentially more insidious cyber threat, GAZEploit. In this paper, we unveil GAZEploit, a novel eye-tracking based attack specifically designed to exploit this eye-tracking information by leveraging the common use of virtual appearances in VR applications. This widespread usage significantly enhances the practicality and feasibility of our attack compared to existing methods. GAZEploit takes advantage of this vulnerability to remotely extract gaze estimations and steal sensitive keystroke information across various typing scenarios, including messages, passwords, URLs, emails, and passcodes. Our research, involving 30 participants, achieved over 80% accuracy in keystroke inference. Alarmingly, our study also identified over 15 top-rated apps in the Apple Store as vulnerable to the GAZEploit attack, emphasizing the urgent need for bolstered security measures for this state-of-the-art VR/MR text entry method.
    • MortSinyx likes this.
    • 翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Sunday, 12-Jan-2025 18:43:56 JST
      in reply to
      @LukaszOlejnik How do you steal a password? The original user still remembers it.

      Before the days where the internet connected vandalisers that never get bored, for public systems you could just be based and just set your password to your username (i.e. rms).

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.