Your Microsoft Teams or Zoom calls could be getting hacked in a really bizarre way


Your humble eyeglasses could give hackers a secret window into your company's valuable data on video calls, security experts have claimed.

Researchers from the University of Michigan in the US and Zhejiang University in China recently published a report in which they explain how eyeglass reflections could be used to steal sensitive or private data through video conferencing tools such as Zoom or Microsoft Teams.

The report said it is possible to reconstruct and recognize, with more than 75% accuracy, on-screen texts that have heights as small as 10mm, all while using nothing more than a 720p webcam.

Peeking through the reflections

Truth be told, the experiment was done in a controlled lab setting, meaning results in real-life use might differ. In fact, the researchers say many factors can contribute to the accuracy of the method, including the participant's skin color, how well-lit the room is, the brightness of the display, the contrast between the text and the background on the display, as well as the eyeglasses.

Still, the risk is real, especially for users with 4K cameras, with the team stating, "We found future 4k cameras will be able to peek at most header texts on almost all websites and some text documents."

In fact, when researchers set out to just identify the specific website the eyeglasses-wearing person was looking at, the success rate for Alexa’s top 100 websites was 94%.

Discussing potential use cases for this type of attack, researchers said it could be used to “cause discomforts” in daily activities, such as bosses monitoring what employees are looking at during meetings. A more serious potential scenario is losing key negotiation-related information this way.

As for possible mitigations, Zoom apparently has a filter with reflection-blocking capabilities; however, other tools are yet to catch up.

Via: The Register

Sead Fadilpašić
