Popular VR Headsets & Apps Open To Hacking: Study

According to a new research paper presented at this year's IEEE Security & Privacy Workshop, current VR solutions on the market, along with a number of top VR social experiences and games, are open to hacking that could go as far as causing physical danger. Researchers were reportedly able to gather a large amount of relevant user and system data through simple network traffic analysis. The team also used a proof-of-concept exploit and resulting virus on a compromised sample PC to edit the parameters of a tested VR experience, resulting in a situation that could cause real physical danger to VR users and those nearby if a hacker or other malicious agent uses a similar approach on real victims.

To give some background, most room-scale VR experiences, such as ones offered by the HTC Vive and Oculus Rift, have a border that players hit when they're starting to approach the edge of their designated play area. This border in the virtual world lets them know that they're getting out of their designated VR space in the real world. Under the right conditions, the parameters of that border could be edited to essentially either railroad a hapless VR user into a real-life hazard or allow them to exit their normal play area, causing danger. Hackers could even create a modified or sullied room using an instance ID from a legitimate session, and drop players into it. VR is said to have already claimed its first victim that succumbed to physical injuries in Russia earlier this year, albeit initial reports suggest that the incident in question was a freak accident and not a result of any hacking taking place.

The social experiences tested were Bigscreen, Altspace VR, Rec Room and Facebook Spaces, and the implications were clear; in most cases, all it took to harvest players' information was being on the same network, and all it took to put players in real danger was compromising the PC being used. Since consumer Windows machines are known for lackluster security compared to more specialized systems, the risk here is very real. In order to safeguard users from data breaches, physical harm and other dangers, VR will have to be made more secure, which could mean things like sandboxing experiences, delivering them through the cloud, and even factoring in VR when creating consumer-facing PC security solutions.

You May Like These
More Like This:
About the Author
2018/10/Daniel-Fuller-2018.jpg

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now