Hackers can exploit Zoom users by noticing shoulder movements, report says
The team tested the attack on Skype, Google Hangouts and Zoom. Skype yielded slightly better results than the other two video-conferencing software, the team stated.
(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Hackers can find out what a Zoom user is typing in private chats during a video call by noticing minor shoulder movements.
The movement of the shoulders and arms could reveal what the fingers typed, making the user vulnerable to cyberattacks, researchers at the University of Texas stated in a study titled 'Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks'.
Video-conferencing platform Zoom gained popularity during lockdown periods, as consumers started working and studying from home. Zoom said in April it had more than 200 million daily users.
The team of researchers was able to understand the texts typed by a user with 75% accuracy, by observing how their shoulders and arms moved during the video call. They also examined several settings including different webcams, video resolutions, keyboards, clothing, and backgrounds.
Also read | How link previews on Instagram, Facebook Messenger can leak private information
The team also analysed based on users' typing styles. Those who used the 'hunt-and-peck' method of typing, which involves large arm movements, are most vulnerable to attack. 'Touch-typers' are less vulnerable owing to unrecognisable hand movements. Users wearing sleeveless clothes were more susceptible than those wearing full-sleeved clothes.
The team tested the attack on Skype, Google Hangouts and Zoom. Skype yielded slightly better results than the other two video-conferencing software, the team stated.
Users attending Zoom video meetings are left vulnerable to keystroke inference attacks, that could lead to theft of sensitive information, credit card numbers, and addresses. Webcams with high-resolution lenses could also make it easier for hackers to track body movements, the team said.
Comments