A study recently showed that it was possible to access information displayed on the screen of a videoconference participant through the reflection of his or her glasses. A new spying risk to be taken seriously?
Sensitive data can be exposed
Researchers from the University of Michigan in the United States and Zhejiang University in China made this revelation. In a paper entitled “Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing” they explain that they “have successfully reconstructed and recognised on-screen text as low as 10 mm in height with a 720p webcam with an accuracy of more than 75%“. In other words, it would be possible for a participant in a video conference to read text with a font size of 28 points in the reflection of the glasses of another participant in the online meeting.
However, the study points out that a number of conditions must be met for the text to be readable. The brightness of the screen, the type of glasses or the ambient light are all criteria that will reduce the risk of spying.
Moreover, it is currently impossible for researchers to analyse texts with a font size of 9 to 12 points.
A cyber security risk that could increase in the future
With technological advances, particularly those in 4K, researchers believe that it will be increasingly easy to read texts through webcams. This type of video conference spying is therefore likely to increase.
And for good reason: video conferences are full of data, often confidential, related to the activity of companies and organisations. The use of videocollaboration tools is now massively adopted: all company functions can therefore be targeted.
The security of video conferences in question
For the time being, this type of spying, via the reflection of the participants’ glasses, does not seem to be widespread. However, vigilance must be maintained regarding the security of video conferences.
Indeed, spying on online meetings, particularly through backdoors or security flaws, is a risk that is already very real. The end-to-end encryption of communication flows makes it possible to avoid any risk of espionage and data theft. A Secure by Design videoconferencing solution is also recommended: it incorporates security mechanisms from the outset to reinforce the reliability of the software.