Turn Your Face Into An Attack Surface: Screen Attack Using Facial Reflections in Video Conferencing

TL;DR

This paper introduces FaceTell, a side-channel attack exploiting facial reflections in video conferencing to eavesdrop on on-screen application activities with high accuracy.

Contribution

The paper presents a novel attack system, FaceTell, demonstrating the feasibility and effectiveness of extracting application information from facial reflections during video calls.

Findings

FaceTell achieves 99.32% accuracy in identifying applications.

Facial reflections can leak detailed on-screen information during video conferencing.

The attack is effective across different devices and environments.

Abstract

In video conferencing, human faces serve as the primary visual focal points, playing multifaceted roles that enhance visual communication and emotional connection. However, we argue that a human face is also a side channel, which can unwittingly leak on-screen information through online video feeds. To demonstrate this, we conduct feasibility studies, which reveal that, illuminated by both ambient light and light emitted from displays, the human face can reflect optical variations of different on-screen content. The paper then proposes FaceTell, a novel side-channel attack system that eavesdrops on fine-grained application activities from pervasive yet subtle facial reflections during video conferencing. We implement FaceTell in a real-world testbed with three different brands of laptops and four mainstream video conferencing platforms. FaceTell is then evaluated with 24 human subjects across 13 unique indoor environments. With more than 12 hours of video data, FaceTell achieves a high accuracy of 99.32% for eavesdropping on 28 popular applications and is resilient to many practical impact factors. Finally, potential countermeasures are proposed to mitigate this new attack.