The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.
  • thejml@lemm.eeEnglish
    41·
    2 months ago

    This makes perfect sense. The only way around it would be to randomize the location of the digits/letters, and I’m sure people would throw a fit if that was the case. Still it should be an option.

    • Petter1@lemm.eeEnglish
      51·
      2 months ago

      Or just use a f***ing password manager?! (Unlocked with retinaID same as with faceID on iPhone)

      We are not in 2010 anymore…

      • conciselyverbose@sh.itjust.worksEnglish
        2·
        2 months ago

        That’s what they actually did if you read the article. They don’t pass through the eyes the same when you’re on a keyboard now.

    • Petter1@lemm.eeEnglish
      21·
      2 months ago

      Yea, you don’t need to type password if you use passkeys that are unlocked using retinaID or how it is called in the vision pro.

  • foremanguy@lemmy.mlEnglish
    1·
    2 months ago

    Don’t if it’s a good idea or not but the solution is this case should be to have something like stars passwords or randomized eye movements. Artificial movements basically

  • 𝒎𝒂𝒏𝒊𝒆𝒍@sopuli.xyzEnglish
    01·
    2 months ago

    just don’t input passwords while on call/streaming? anyway, looks like it’s easy to fix, just disable avatar eye movement mapping when inputing a password, also I doubt if it’s real vector of attack, more of a proof of concept maybe?

  • AbouBenAdhem@lemmy.worldEnglish
    01·
    2 months ago

    Couldn’t you theoretically do the same thing by tracking someone’s eye movements on video chat, if they look at their keyboard while typing?

    • foremanguy@lemmy.mlEnglish
      1·
      2 months ago

      Yes and no, it’s not really as accurate, 1 - if the guy do not watch his keyboard at all. 2 - if the guy is watching a bit his keyboard but only to the approximate place of the letter and remember the position after. BUT this could be counter by training an AI to extrapolate the results to get something more precise