Your Microsoft Teams or Zoom calls could be getting hacked in a really bizarre way
>
Your humble goggles could give hackers a secret insight into your company’s valuable video call data, security experts claim.
Researchers from the University of Michigan in the US and Zhejiang University in China recently published a report (opens in new tab) in which they explain how reflections from glasses can be used to steal sensitive or private data, through video conferencing tools such as Zoom or Microsoft Teams.
According to the report, it is possible to reconstruct and recognize with an accuracy of more than 75%, text on the screen with a height of only 10 mm, all while using nothing more than a 720p webcam.
Peaking through the reflections
The truth is that the experiment was conducted in a controlled laboratory setting, which means that the results may differ in real life. In fact, the researchers say there are many factors that can contribute to the accuracy of the method, including the participant’s skin color, how well the room is lit, the brightness of the screen, the contrast between the text and the background on the screen. display, as well as the glasses.
Still, the risk is real, especially for users with 4K cameras, with the team saying, “We found that future 4K cameras will be able to look at most headers on almost all websites and some text documents.”
When researchers just wanted to identify the specific website the eyeglass wearer was looking at, the success rate for Alexa’s top 100 websites was 94%.
Discussing potential use cases for this type of attack, researchers said they could be used to “cause inconvenience” in day-to-day activities, such as bosses checking what employees are watching during meetings. A more serious potential scenario is losing important negotiation-related information in this way.
As far as possible mitigations, Zoom apparently has a filter with reflection-blocking capabilities, but other tools have yet to catch up.
Through: The register (opens in new tab)