Boffins from the University of Michigan in the US and Zhejiang University in China want to shed light on how glasses-wearing video conferencing participants inadvertently reveal sensitive information on the screen through reflections in their glasses.
With the spread of the COVID-19 pandemic and the rise of remote work, video conferencing has become a common occurrence. Researchers argue that the ensuing privacy and security issues deserve more attention, and they’ve been keeping a close eye on this unusual attack vector.
in paper Distributed via ArXiv, titled “Private Eye: On the Limits of Looking at a Text Screen via Glasses Reflections in Video Conferences,” researchers Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenwan Shu, and Kevin Fu describe how they analyzed optical emission from video screens that were reflected on eyeglass lenses. .
“Our work explores and describes viable threat models based on optical attacks using multi-frame super-resolution techniques on video frame sequences,” the computer scientists explain in their paper.
“Our models and experimental results in a controlled laboratory setting show that it is possible to reconstruct and recognize on-screen text with over 75 percent accuracy that is 10 mm high using a 720p webcam.” This corresponds to 28 points, which is a commonly used font size for headings and lowercase headings.
Yan Long, corresponding author and doctoral candidate at the University of Michigan, Ann Arbor, explained in an email to record.
These font sizes can often be found in slide shows and titles/titles of some websites (for example, ‘We gave you a seat in the chat’ at https://www.twitch.tv/p/en/about/). “
Being able to read the reflected address size text is not quite the privacy and security issue of being able to read fonts smaller from 9 to 12 points. But this technology is expected to provide access to smaller font sizes as HD webcams become more popular.
“We have found that future 4K cameras will be able to peek at most header text on almost all websites and some text documents,” Long said.
When the goal was to locate the specific website that was only visible on a video meeting participant’s screen from the reflection of glasses, the success rate rose to 94 percent among Alexa’s top 100 websites.
“We believe the potential applications of this attack range from causing inconvenience in daily activities, for example superiors monitoring what their subordinates are browsing in a video business meeting, to business and commerce scenarios where repercussions may lead to the leaking of key information related to negotiations,” Long said. .
He said the attack envisions opponents participating in conference sessions as well as those who obtain and replay recorded meetings. “It would be interesting for future research to scrape online videos like the ones on YouTube and analyze the amount of information that is leaked through glasses in the videos,” he said.
A variety of factors can affect the clarity of the text reflected in the glasses of a video conference participant. This includes reflection based on the meeting participant’s skin tone, environmental light intensity, screen brightness, text contrast with a web page or application background, and eyeglass lens characteristics. Thus, not everyone who wears glasses will necessarily provide opponents with mirrored screen sharing.
In terms of potential mitigations, boffins says Zoom already provides a video filter in the background settings menu and effects consisting of opaque cardboard glasses that prevent reflection. Skype and Google Meet lack this defense.
The researchers argue that other more usable software-based defenses include targeted distortion of eyeglass lenses.
They explain, “While none of the platforms supports it now, we have implemented a real-time blurring prototype that can inject a modified video stream into video conferencing software.” “Prototype software locates the area of the glasses and applies a Gaussian filter to blur the area.”
The Python code It can be found on github. ®