Monday, February 10, 2025

Researchers Find a Way to Learn What Users Type in Video Calling


You are on an official video call. You share a joke about your boss with your coworker on private chat. You both laugh and giggle over the joke. The call ends, and you carry on with life as normal.

The next day your boss calls you, and guess what, he wants to discuss the joke you had privately shared with your coworker. You know your coworker did not snitch on you. Then how on earth did your boss know about that joke? You rack your brains and end up with no answer.

Until one day, you come across this article. The article states that hackers can read what you are typing when you are on a video call!!

How are they finding out what you are typing when you are on a video call? Hack your system? No! Track your keystrokes? No! What they do instead is track the movement of your shoulders.

This was not given much importance until COVID struck and we were all forced to conduct official meetings via video calls.

Finding the way:

The research team from Texas that found this could be done states that the video is high-fidelity and that the pixels convey more information than one realizes.

The team did not use any special machine learning tools or artificial intelligence to figure out how subtle movements of one’s shoulders can affect the pixels. The basic movements being tracked were North, South, East, and West.

When this was applied to a keyboard, the information being derived was tremendous. For example, to type “Ant” one starts with A, moves east to N, and then west to T.

These shoulder movements were analyzed, and software was built to cross-reference them with an English dictionary to build a “word profile”.
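To make the “word profile” idea concrete, here is an added toy model (not the researchers' software) that covers only the dictionary step and shows why coarse directions leave several candidate words and match nothing for random strings. The QWERTY coordinates, the row stagger, the combined labels such as "SE", and the word list are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed layout: US QWERTY letter rows with an approximate stagger (in key widths).
ROWS = [("qwertyuiop", 0.0), ("asdfghjkl", 0.25), ("zxcvbnm", 0.75)]
KEY_POS = {ch: (i + off, r)
           for r, (row, off) in enumerate(ROWS)
           for i, ch in enumerate(row)}

def step(a, b):
    """Coarse compass direction of the move from key a to key b."""
    (ax, ay), (bx, by) = KEY_POS[a], KEY_POS[b]
    dx, dy = bx - ax, by - ay
    ns = "N" if dy < 0 else "S" if dy > 0 else ""
    ew = "E" if dx > 0 else "W" if dx < 0 else ""
    return (ns + ew) or "."  # "." means the same key was pressed again

def profile(word):
    """Direction sequence for a word: one step per pair of adjacent letters."""
    w = word.lower()
    return tuple(step(a, b) for a, b in zip(w, w[1:]))

def build_index(words):
    """Group dictionary words by profile; each bucket is one ambiguity set."""
    index = defaultdict(list)
    for w in words:
        index[profile(w)].append(w)
    return index

def candidates(observed, index):
    """Dictionary words consistent with an observed direction sequence."""
    return sorted(index.get(tuple(observed), []))

# Constructed sample dictionary (a real one would be far larger).
WORDS = ["ant", "and", "art", "act", "any", "cat", "dog", "sit", "set", "zip"]
INDEX = build_index(WORDS)

if __name__ == "__main__":
    print(profile("ant"), candidates(profile("ant"), INDEX))
    # A constructed random string has no dictionary entry to fall back on.
    print(profile("xqzv"), candidates(profile("xqzv"), INDEX))
```

Even in this ten-word list, "ant" shares its profile with two other words, while the random string matches nothing, which is in line with the lower figure reported for passwords.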

Investigation and Demo:

The pattern recognition was 75% accurate in a lab setting, where a particular type of chair was used and only a set number of words were used.

When the test was moved to a real-world setting, the team was able to accurately infer 66% of the websites typed, 21% of random English words, and a measly 18% of passwords typed, due to the increased complexity and randomness. Though these numbers are quite low right now, they are bound to increase as time passes.

It was found that users who had long hair covering their shoulders were at lower risk of being read, as were those who were hunting for keys on the keyboard.

Until video calling software can blur your shoulders while you type, or offers some similar solution, maybe just let your hair grow. Or, well, just don’t type while on a video call.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
