Experts Can Guess Passwords from Zoom Calls and Shoulder Movements
Researchers have described an intriguing method that, according to them, can be used to uncover the passwords of users of Zoom and other video conferencing services. All it takes is observing a person’s shoulder during a video call, experts say.
This method was detailed by experts from the University of Texas and the University of Oklahoma in their article, “Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks.” According to the publication, the researchers were able to accurately determine what was being typed by analyzing shoulder movements.
Surprisingly, it’s the user’s shoulder that gives away their passwords. As noted in the article, this method could pose a threat during communication via Zoom, Google Chat, Skype, or Teams. However, the researchers admit that in real-world situations, carrying out such an attack would be much more difficult than in their controlled tests.
For example, when the researchers set up the environment to their specifications, the accuracy of password detection reached 75%. But when the environment was random, this figure dropped to 20%.
“With this method, a potential attacker could obtain confidential data: bank card numbers, authentication codes, and even user addresses,” the experts wrote.
According to the published article, the key factor was the connection between the fingers and the shoulder joints and muscles. Depending on which finger was used to type, the reaction of the shoulder joints varied. The researchers say these visual differences could reveal the direction in which the user was typing on the keyboard. To determine specific keys, the experts used special software that relied on dictionaries.
Using this approach, they were able to successfully identify 18.9% of passwords. The remaining 74% could not be determined because those words were not in the software’s database.