2 min read

Reflections in your glasses can leak information while you're on a Zoom call

Graham CLULEY

September 21, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Reflections in your glasses can leak information while you're on a Zoom call

Bespectacled video conferencing participants have more to worry about than if their hair is uncombed or they have some spinach stuck between their teeth.  According to newly-publicised research, they may also be unwittingly leaking sensitive information displayed on their computer screens.

Boffins from the University of Michigan teamed up with their counterparts at the Zhejiang University in China to investigate whether the wearing of eyeglasses while using a computer was a security risk.

Specifically, the researchers explored whether it was possible to determine what might be displayed on the screen by examining the reflections of a person's glasses while they were on a Zoom call or Google Meet sessions.

The researchers' paper, entitled "Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing," describes how they set up a controlled lab experiment, which proved it was possible to reconstruct and recognise on-screen text with over 75% accuracy when reflected in the glasses of a video conference participant.

Of course, the effectiveness of the technique relies upon a number of factors.  These include, the curvature of the eyeglasses' lenses - with prescription glasses proving more successful at providing a useful reflection than glasses that are designed to block blue light.

Furthermore, of course, the quality of the video camera is key.

A typical 720p webcam can, according to the research, read on-screen texts via reflections that are as small as 10mm.

As researcher Yan Long told The Register:

"The present-day 720p camera's attack capability often maps to font sizes of 50-60 pixels with average laptops."

However, higher resolution 4k webcams become more common, the snooping technique could provide access to text displayed in smaller fonts:

"We found future 4k cameras will be able to peek at most header texts on almost all websites and some text documents."

But it's not just text reflected from a screen that could be leaked by a wearer of spectacles on a video conference call.

The researchers also found the technique would reveal which websites a user was viewing - with a 94% accuracy found when tested against the Alexa Top 100 most popular websites.

So, if you really feel that this might be a problem in your organisation, what can be done?

Well, the researchers have an unorthodox mitigation.

They suggest that Zoom users take advantage of a video filter feature (found under "Background and Effects" in the video conferencing app's settings) that can automatically adorn your face with reflection-blocking cartoon sunglasses.

The likes of Skype and Google Meet don't offer similar protection at the moment, but presumably wouldn't find it too difficult if the threat genuinely became a concern.

Although it's easy to make fun of a subject like this, reflections have leaked information in the past with serious results.

For instance, in 2019, an obsessed fan assaulted a Japanese popstar after he determined where she lived by zooming-in on the reflections in her eyeballs in selfies the star had posted on social media.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Flaw allowed man to access private information of other Brinks Home Security customers Flaw allowed man to access private information of other Brinks Home Security customers
Graham CLULEY

November 30, 2022

2 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
Alina BÎZGĂ

November 29, 2022

2 min read
Hackers Steal Crime Files in Attack on Belgian Police Station, Then Demand Ransom Hackers Steal Crime Files in Attack on Belgian Police Station, Then Demand Ransom
Filip TRUȚĂ

November 28, 2022

2 min read