CertiK Engineer Recognized for Identifying Vulnerability in Apple Vision Pro’s Eye-Tracking Technology
NEW YORK, Sept. 20, 2024 (GLOBE NEWSWIRE) -- CertiK, the industry-leading Web3 security firm, is proud to announce that Haoqi Shan, a distinguished member of CertiK’s engineering team, has been recognized for his critical role in identifying a vulnerability in Apple’s Vision Pro mixed reality headset. The findings, conducted in collaboration with five other computer scientists, revealed how exposed eye-tracking data from Apple’s Vision Pro could be exploited to decipher sensitive information, such as passwords, PINs, and messages.
In the study, shared exclusively with Wired, the attack — coined “GAZEploit” — allowed the researchers to reconstruct what people typed on the Vision Pro’s virtual keyboard by analyzing their eye movements. By observing these patterns, the team could accurately determine what individuals typed, achieving 92% accuracy in reconstructing messages and 77% accuracy in passwords.
The vulnerability was originally reported to Apple in April 2024, and the company issued a software update to address the issue in July 2024. This research demonstrates the increasing privacy risks associated with emerging biometric technologies and the need for robust security measures to protect companies and their users.
September 17 marks the sixth time Apple has publicly acknowledged CertiK for assisting the company in discovering and fixing vulnerabilities; CertiK therefore remains the Web3 security agency most publicly thanked by Apple.
As a trusted authority in the cybersecurity space, CertiK continues to lead the way in protecting critical technologies and sensitive data. By cultivating a culture of trust and innovation, CertiK aims to set new cybersecurity benchmarks and exceed expectations by customers who rely on its products for safety and security.
Contact Elisa Yiting Xu yiting@certik.com