Roadmap: Latest Campus & Coronavirus Info | Scheduled System Maintenance Dec 2-10
Saturday, December 5, 2020

Research shows shoulder movements in Zoom calls can be used to steal passwords

Research shows shoulder movements in Zoom calls can be used to steal passwords

NOVEMBER 16, 2020 — COVID-19 has upended face-to-face communication. Overnight, video calls have become the new normal for both personal and professional remote communication. Now, cybersecurity researchers at the University of Texas at San Antonio warn that a new privacy threat related to online video calls is on the horizon. It’s possible to steal private information typed on a keyboard during an online video call by just analyzing a person’s shoulder and upper arm movements during the call.

“Although there is no evidence of widespread exploitation of this vulnerability in the wild yet, our research shows that such attacks are indeed feasible,” said computer science professor Murtuza Jadliwala, who leads SPriTELab and the UTSA research team behind these findings. “Our inference framework employs image processing techniques to model and capture minor shoulder movements due to typing that are observable during video calls, and maps those movements to a prediction or guess of what is being typed. Experiments with actual human-subject participants show that our framework is able to make a pretty good prediction of the words being typed.”


“Our work really highlights the need for awareness and countermeasures against such threats.”



The research team designed and tested their framework in a lab setting, as well as in a real, fully unconstrained setting, by employing different webcams, video calling software, keyboards, and clothing worn by participants. In addition to inferring regularly typed English words on a QWERTY keyboard with reasonably good accuracy, their framework was also able to infer less common (yet sensitive) text such as passwords and websites, although with a slightly lower accuracy. An important feature of the proposed attack is that it can exploit any type of video call where shoulders are visible on the screen.

“Although not a cause for immediate alarm, our work really highlights the need for awareness and countermeasures against such threats,” Jadliwala added. “It is good to be informed and educated about such new and evolving privacy threats targeting popular online applications and services.”


EXPLORE FURTHER

The research team also proposed and evaluated several protection mechanisms against these threats, including frame blurring, frame pixelation and frame skipping, with pretty good success. The peer reviewed research results will be presented in the upcoming Network and Distributed Systems Security (NDSS) Symposium to be held virtually this year due to the COVID-19 pandemic. NDSS is one of the premier academic research conferences in the field of cybersecurity, publishing ground-breaking results in the area.

Milady Nazir



UTSA Today is produced by University Strategic Communications,
the official news source
of The University of Texas at San Antonio.

Send your feedback to news@utsa.edu.


UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio. Send your feedback to news@utsa.edu. Keep up-to-date on UTSA news by visiting UTSA Today. Connect with UTSA online at Facebook, Twitter, Youtube and Instagram.


Events


Spotlight

Spotlight

utsa-sds_680.png
UTSA launches new cybersecurity institute to aid U.S. manufacturers

UTSA’s Mission

The University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.

UTSA’s Vision

To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.

UTSA’s Core Values

We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.

UTSA’S Destinations

UTSA is a proud Hispanic Serving Institution (HSI) as designated by the U.S. Department of Education.

Our Commitment to Inclusivity

The University of Texas at San Antonio, a Hispanic Serving Institution situated in a global city that has been a crossroads of peoples and cultures for centuries, values diversity and inclusion in all aspects of university life. As an institution expressly founded to advance the education of Mexican Americans and other underserved communities, our university is committed to ending generations of discrimination and inequity. UTSA, a premier public research university, fosters academic excellence through a community of dialogue, discovery and innovation that embraces the uniqueness of each voice.