SoK: Inaccessible & Insecure: An Exposition of Authentication Challenges Faced by Blind and Visually Impaired Users in State-of-the-Art Academic Proposals
Md Mojibur Rahman Redoy Akanda, Amanda Lacy, Nitesh Saxena
In 34th USENIX Security Symposium, August 2025.
News
2 Papers Accepted to PST 2025
- A Machine Learning-Based Framework for Assessing Cryptographic Indistinguishability of Lightweight Block Ciphers
Jimmy Dani, Kalyan Nakka, Nitesh Saxena
In 22nd Annual International Conference on Privacy, Security, and Trust (PST), August 2025.
- Encryption Struggles Persist: When Tech-Savvy Students Face Challenges with PGP in Thunderbird
Md Imanul Huq, Ahmed Tanvir Mahdad, Nitesh Saxena
In 22nd Annual International Conference on Privacy, Security, and Trust (PST), August 2025.
AI Spies News — BPSniff (IEEE S&P 2025) Paper News Story
New Study Uncovers Privacy Risks: VR Headsets Can Secretly Monitor Your Blood Pressure
College Station, TX — May 2025
SHARE THIS
A team of researchers from Temple University, Texas A&M University, Rutgers University and New Jersey Institute of Technology has uncovered a serious privacy vulnerability in consumer virtual reality (VR) headsets. The study reveals that built-in motion sensors, typically used to enhance immersive VR experiences, can be covertly exploited to continuously infer users’ blood pressure without their knowledge or consent. The full findings are being presented at the 2025 IEEE Symposium on Security and Privacy (S&P), one of the leading conferences in cybersecurity and privacy research.
The attack, dubbed BPSniff, demonstrates that blood-pressure-related vibrations—specifically ballistocardiogram (BCG) signals generated by blood flow—can be detected by high-frequency motion sensors embedded in devices like Meta Quest and Meta Quest 2. By analyzing these subtle physiological movements, attackers can estimate both systolic and diastolic blood pressure with a level of accuracy comparable to clinical-grade devices.
Unlike traditional health monitoring systems that require user calibration or consent, BPSniff bypasses both. The research shows that malicious apps or web-based scripts can access motion sensor data from VR headsets without explicit permissions. This allows adversaries to passively collect highly sensitive biometric data in real time, raising alarms about user surveillance in metaverse environments.
BPSniff utilizes advanced machine learning models, combining variational autoencoders (VAE) and long short-term memory (LSTM) networks, to reconstruct blood flow patterns from sensor data. These reconstructions are then used to estimate blood pressure continuously, achieving mean errors of just 1.75 mmHg (systolic) and 1.34 mmHg (diastolic)—well within FDA and AAMI medical standards.
The researchers tested the attack across multiple use cases, including various physical postures, headset models, and user movements. Even with noise introduced by normal VR activity like gaming or walking, BPSniff remained effective. The system’s robustness was further confirmed through an eight-week longitudinal study with 37 participants.
The implications are broad and alarming. Unauthorized access to blood pressure data can reveal information about a person’s health status, stress levels, emotional states, and reactions to stimuli—potentially enabling manipulation, discrimination, or psychological profiling. This threat escalates when combined with identity linkage from other data sources, opening the door to highly personalized and invasive surveillance.
To mitigate the risk, the researchers advocate for stronger privacy controls on motion sensor access, including real-time usage monitoring, permission-based frameworks, and AI-driven auditing tools within VR platforms. As the metaverse grows into a space for entertainment, collaboration, and even healthcare, this study highlights the urgent need to secure embedded sensors against misuse.
Read more stories like this on AI Spies News.
Launching the AI Spies News Channel
We’re excited to introduce the AI Spies News Channel, where the latest updates, insights, and breakthroughs from the SPIES research lab are transformed into engaging, media-style stories generated fully using AI (after necessary reviews and corrections by SPIES researchers).
Paper accepted to WiSec 2025
“Alexa, Is Dynamic Content Safe?” Understanding the risks of Dynamic Content
Nathan McClaran, Payton Walker, Zhao Zheng, Yangyong Zhang, Nitesh Saxena and Guofei Gu
In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), June/July 2025.
SPIES Lab’s Secure Messaging Work Features in News
SPIES Lab led by Dr. Nitesh Saxena investigates secure messaging apps like Signal and WhatsApp. While end-to-end encryption protects messages, vulnerabilities exist, such as “man-in-the-middle” attacks and user error in group chat. The lab aims to enhance security through improved verification tools, design changes, and encrypted keyboards, while also addressing challenges like cross-device syncing and AI integration.
Spy Vs. Spy: Texas A&M Researchers Work To Secure Messaging, Texas A&M University Division of Marketing and Communications
SPIES Lab Student to Start as an Assistant Professor

will be starting as a tenure-track Assistant Professor at Ohio University in their
School of Electrical Engineering and Computer Science this Fall 2025.
In a crowded job market heavily “skewed” by AI candidates, Tanvir had over a dozen Zoom interviews and about half a dozen on-site interviews at R1 universities, leading to multiple offers in hand. He carefully chose Ohio University as his employer considering multiple factors, the key being striking a balance between the (perceived) prospects of growth and quality of life.
Tanvir will be the SPIES Lab’s 5th PhD student graduating from TAMU who is taking up an academic position (7th graduating student since moving to TAMU in 2021, and 17th graduating PhD student overall). Congratulations!
Dr. Saxena’s Primer on Secure Communications in News Media
Secure communications and end-to-encryption is all over the news in light of the recent use of this technology underlying national security matters by the US government. The SPIES lab has been doing extensive work in this area and leading the nation on this forefront. Dr. Saxena recently gave a video interview to the Associated Press Spotlight breaking down end-to-end encryption in simple terms. The devil is in details, as he said, so for more info check out our research or reach to Dr. Saxena.
What is ‘classified’ information? What are ‘secure’ communications? Here’s a primer, St. Louis Post-Dispatch, Mar 31, 2025
Examples of other news outlets covering the interview:
-
- The Lincoln Journal Star
- The Eagle
- The Daily Progress
- St-Louis Post-Dispatch
- ABC Alaska
- Fox News
- FOX 26 News
- FOX 33 News
- Fox 34 News
- Fox 4 News
- Fox 6 News
- Fox 8 News
- Good Morning Wyoming
- K2 News
- News @ 9
- Twin States News





















Dr. Saxena recognized with the Dean’s Excellence Award!
Congratulations to Dr. Saxena for being recognized with the College of Engineering Dean’s Excellence Award. This is the most prestigious award for tenure-track and tenured faculty members within Engineering Faculty Awards, who excel in all three pillars of academics — research, teaching and service. College of Engineering at Texas A&M University is a top 10 Engineering college within the nation housing 15 top-tier departments with world-class faculty.


Dr. Saxena appointed as the Senior Area Editor, IEEE TIFS
Dr. Saxena has been appointed as the Senior Area Editor of IEEE Transactions on Information Forensics and Security (TIFS). TIFS is one of the most reputed journals in the area of security. Dr. Saxena earlier served as an Editor of TIFS from 2013-16, in its inception years.