The Apple Vision Pro launched with a first-of-its-kind security flaw straight out of science fiction

3comments
We may earn a commission if you make a purchase from the links on this page.
Close-up of an eye using Apple Vision Pro
This year Apple tried its hand at the XR (Extended Reality) industry. And though the price of its headset has drawn lots of ridicule, the Apple Vision Pro has also accomplished a multitude of firsts for the industry. Apparently one of these was a new kind of security exploit never seen before in any device.

The exploit apparently made it possible to figure out what a person was typing by, and this is pretty cool, tracking their eye movements. Yep, the same principle Apple’s headset uses to let you browse its visionOS could be turned against you with alarming accuracy.

Get iPhone 16 Pro Max at Amazon with Boost Mobile

Go Pro Max this fall with style and choose the supreme iPhone 16 Pro Max. The latest ultra-premium iOS smartphone is available at Amazon with Boost Mobile. The device sells for under $1 with Boost Mobile, plan and activation required ($70.55/mo).

Get the iPhone 16 Pro at Amazon with Boost Mobile

The latest AI-enhanced iPhone 16 Pro is available for purchase at Amazon with Boost Mobile. The smartphone arrives for less than $1, provided that you pick a wireless service plan by Boost Mobile ($65/mo) and activate your device.

Get the iPhone 16 at Amazon with Boost Mobile

Get the iPhone 16 to experience Apple Intelligence and get things done effortlessly. The smartphone is available at Amazon with Boost Mobile for 100% off. You have to pick a Boost Mobile wireless plan ($65/mo). The deal requires activation.

According to the researchers who alerted Apple to this exploit, they were able to correctly guess a password within the first five tries 77 percent of the time. For text messages this number rose to 92 percent. This is the first time information has been able to be extracted from a user’s “gaze data”.

Video Thumbnail
I am 77 percent certain his password is password. | Video credit — Apple

The exploit didn’t require the researchers to hack into the Vision Pro either. Those personas that Vision Pro users can use to portray themselves online? They were the culprit. Apparently just by analyzing the eye movements on the personas it was possible to decipher what the user was typing.

Fortunately, the researchers claim this vulnerability wasn’t detected and exploited before they alerted Apple back in April. The company patched out the flaw in visionOS 1.3 near the end of July. I have no clue why Apple took that long, especially since the “fix” just disables the personas when a user is typing, but at least it’s patched now.

This exploit immediately reminded me of science fiction media where we see ridiculous concepts like enhancing an awfully blurry image or lip-reading from five miles away. Only this time it was actually real, perhaps a testament to the Vision Pro’s stellar eye tracking.

The Vision Pro is one of the best AR headsets currently available today but news like this reminds us that, when designing something novel, expect novel problems as well.
Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless