The Apple Vision Pro has a worrying security flaw — hackers could easily guess passwords based on eye movements

Happy young woman using a virtual reality headset
A person using a generic VR headset (Image credit: Shutterstock / TierneyMJ)

A group of researchers have identified a security flaw in Apple’s Vision Pro mixed reality headset which let them reconstruct user’s passwords, PINs and messages.

Dubbed ‘GAZEploit’, the researchers used eye-tracking data to allow them to decode what users typed using their eyes with the virtual keyboard.

Since the avatars are visible to other users, the researchers did not have to hack into anything, or to gain access to the user’s headset, they just had to study the eye movements of their avatar. The avatars can use the virtual keyboard to log into Slack, Teams, Twitter, and more.

All patched up

The researchers were able to predict keyboard placement with impressive accuracy, able to deduce the correct letters typed within a maximum of five guesses with over 90% accuracy in messages, 77% of the time for passwords, and 73% of the time for PINs.

The vulnerability was discovered in April, and Apple issued a patch to fix the issue in July, and the avatar will no longer be displayed when the virtual keyboard is being used. It is said to be the first of its kind, and exposes how biometric data can be used to surveil users, the researchers confirmed,

“These technologies … can inadvertently expose critical facial biometrics, including eye-tracking data, through video calls where the user’s virtual avatar mirrors their eye movements,”

Wearable technology has ushered in a new set of privacy concerns for users, with more information captured and stored in people’s day to day lives. Health data, locations, biometric information, could all be used against users if it fell into the wrong hands.

Via Wired

More from TechRadar Pro

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Parallels Desktop has some worrying security flaws for Mac users
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedly left users exposed for months
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
Find My app logo displayed on an iPhone 11 screen
This Find My exploit lets hackers track any Bluetooth device – here’s how you can stay safe
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Apple users facing new security risks after critical USB component hacked
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Latest in Pro
Epson EcoTank ET-4850 next to a TechRadar badge that reads Big Savings
I found the best printer deal you won't see in the Amazon Spring Sale and it's got a massive $150 saving
Microsoft Copiot Studio deep reasoning and agent flows
Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
Group of people meeting
Inflexible work policies are pushing tech workers to quit
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
An image of network security icons for a network encircling a digital blue earth.
Why multi-CDNs are going to shake up 2025
Latest in News
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently revealing the full cast for Avengers: Doomsday, and I think it's going to be a long-winded announcement