A group of six computer scientists are revealed a new attack against Apple’s Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device’s virtual keyboard. The attack allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes.
Researchers did not gain access to Apple’s headset to see what they were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime.
More information:
https://www.wired.com/story/apple-vision-pro-persona-eye-tracking-spy-typing/