Bespectacled video conferencing participants have more to worry about than if their hair is uncombed or they have some spinach stuck between their teeth. According to newly-publicised research, they may also be unwittingly leaking sensitive information displayed on their computer screens.
Boffins from the University of Michigan teamed up with their counterparts at the Zhejiang University in China to investigate whether the wearing of eyeglasses while using a computer was a security risk.
Specifically, the researchers explored whether it was possible to determine what might be displayed on the screen by examining the reflections of a person's glasses while they were on a Zoom call or Google Meet sessions.
The researchers' paper, entitled "Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing," describes how they set up a controlled lab experiment, which proved it was possible to reconstruct and recognise on-screen text with over 75% accuracy when reflected in the glasses of a video conference participant.
Of course, the effectiveness of the technique relies upon a number of factors. These include, the curvature of the eyeglasses' lenses - with prescription glasses proving more successful at providing a useful reflection than glasses that are designed to block blue light.
Furthermore, of course, the quality of the video camera is key.
A typical 720p webcam can, according to the research, read on-screen texts via reflections that are as small as 10mm.
As researcher Yan Long told The Register:
"The present-day 720p camera's attack capability often maps to font sizes of 50-60 pixels with average laptops."
However, higher resolution 4k webcams become more common, the snooping technique could provide access to text displayed in smaller fonts:
"We found future 4k cameras will be able to peek at most header texts on almost all websites and some text documents."
But it's not just text reflected from a screen that could be leaked by a wearer of spectacles on a video conference call.
The researchers also found the technique would reveal which websites a user was viewing - with a 94% accuracy found when tested against the Alexa Top 100 most popular websites.
So, if you really feel that this might be a problem in your organisation, what can be done?
Well, the researchers have an unorthodox mitigation.
They suggest that Zoom users take advantage of a video filter feature (found under "Background and Effects" in the video conferencing app's settings) that can automatically adorn your face with reflection-blocking cartoon sunglasses.
The likes of Skype and Google Meet don't offer similar protection at the moment, but presumably wouldn't find it too difficult if the threat genuinely became a concern.
Although it's easy to make fun of a subject like this, reflections have leaked information in the past with serious results.
For instance, in 2019, an obsessed fan assaulted a Japanese popstar after he determined where she lived by zooming-in on the reflections in her eyeballs in selfies the star had posted on social media.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 19, 2024
November 14, 2024