Wednesday, May 14, 2025
HomeCVE/vulnerabilityResearchers Find a Way to Learn What Users Type in Video Calling

Researchers Find a Way to Learn What Users Type in Video Calling

Published on

SIEM as a Service

Follow Us on Google News

You are on an official video call. You share a joke with your coworker about your boss on private chat. You’ll both laugh and giggle over the joke. The call gets over, and you carry on with life as normal.

The next day your boss calls you, and guess what, he wants to discuss the joke you had privately shared to your coworker. You know your coworker did not snitch on you. Then how on earth did your boss know about that joke. You rack your brains and you end up with no answer.

Until one day, you come across this article. The article states that hackers can read what you are typing when you are on a video call!!

- Advertisement - Google News

How are they finding out what you are typing when you are on a video call? Hack your system? No! Track your keystrokes? No! What they do instead is track the movement of your shoulders.

This is something that has not been given much importance to date. Until COVID struck and we all were forced to conduct official meetings via video calls.

Finding the way:

The research team from Texas which had found out that this could be done, states that the videos are in high-fidelity and the pixels convey more information than one realizes.

The team did not use any special machine learning tools or artificial intelligence to figure out how subtle movements of one’s shoulders can affect the pixels. The basic movements being tracked were North, South, East, and West.

When this was applied to a keyboard, the information being derived was tremendous. For example, to type “Ant” one starts with A, moves east to N, and then west to T.

These shoulder movements were analyzed and software was built to cross-reference these with an English dictionary to build a “word profile”.

Investigation and Demo:

The pattern recognition was 75% accurate in a lab setting, where a particular type of chair was used and only a set number of words were used.

When the test was moved to a real word setting, the team was able to accurately infer 66% of the websites typed, 21% of random English words, and a measly 18% of passwords typed, due to the increased complexity and randomness. Though these numbers are quite low right now, they are bound to increase as time passes by.

It was found that users who had long hair covering their shoulders were at lower risk of being read and so too were ones who were hunting for keys on the keyboard.

Until the video calling software are able to work out a method to blur your shoulders while you type or any such solution, maybe just let your hair grow. Or well, just don’t type while on a video call.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...